aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--arch/arm/mach-tegra/fuse.c2
-rw-r--r--arch/x86/crypto/Makefile2
-rw-r--r--arch/x86/crypto/blowfish_glue.c191
-rw-r--r--arch/x86/crypto/camellia-x86_64-asm_64.S520
-rw-r--r--arch/x86/crypto/camellia_glue.c1952
-rw-r--r--arch/x86/crypto/serpent-sse2-i586-asm_32.S29
-rw-r--r--arch/x86/crypto/serpent-sse2-x86_64-asm_64.S29
-rw-r--r--arch/x86/crypto/serpent_sse2_glue.c394
-rw-r--r--arch/x86/crypto/twofish_glue.c2
-rw-r--r--arch/x86/crypto/twofish_glue_3way.c265
-rw-r--r--crypto/Kconfig18
-rw-r--r--crypto/Makefile2
-rw-r--r--crypto/algapi.c35
-rw-r--r--crypto/camellia_generic.c (renamed from crypto/camellia.c)104
-rw-r--r--crypto/crypto_user.c2
-rw-r--r--crypto/tcrypt.c12
-rw-r--r--crypto/testmgr.c45
-rw-r--r--crypto/testmgr.h1383
-rw-r--r--drivers/char/hw_random/tx4939-rng.c5
-rw-r--r--drivers/crypto/Kconfig11
-rw-r--r--drivers/crypto/Makefile1
-rw-r--r--drivers/crypto/caam/caamalg.c126
-rw-r--r--drivers/crypto/caam/ctrl.c2
-rw-r--r--drivers/crypto/geode-aes.c6
-rw-r--r--drivers/crypto/hifn_795x.c3
-rw-r--r--drivers/crypto/ixp4xx_crypto.c4
-rw-r--r--drivers/crypto/mv_cesa.c12
-rw-r--r--drivers/crypto/n2_core.c7
-rw-r--r--drivers/crypto/omap-aes.c8
-rw-r--r--drivers/crypto/omap-sham.c4
-rw-r--r--drivers/crypto/picoxcell_crypto.c46
-rw-r--r--drivers/crypto/s5p-sss.c6
-rw-r--r--drivers/crypto/talitos.c1
-rw-r--r--drivers/crypto/tegra-aes.c1096
-rw-r--r--drivers/crypto/tegra-aes.h103
-rw-r--r--include/linux/crypto.h7
-rw-r--r--include/linux/padata.h6
-rw-r--r--kernel/padata.c44
38 files changed, 5831 insertions, 654 deletions
diff --git a/arch/arm/mach-tegra/fuse.c b/arch/arm/mach-tegra/fuse.c
index 1fa26d9a1a68..ea49bd93c6b9 100644
--- a/arch/arm/mach-tegra/fuse.c
+++ b/arch/arm/mach-tegra/fuse.c
@@ -19,6 +19,7 @@
19 19
20#include <linux/kernel.h> 20#include <linux/kernel.h>
21#include <linux/io.h> 21#include <linux/io.h>
22#include <linux/module.h>
22 23
23#include <mach/iomap.h> 24#include <mach/iomap.h>
24 25
@@ -58,6 +59,7 @@ unsigned long long tegra_chip_uid(void)
58 hi = fuse_readl(FUSE_UID_HIGH); 59 hi = fuse_readl(FUSE_UID_HIGH);
59 return (hi << 32ull) | lo; 60 return (hi << 32ull) | lo;
60} 61}
62EXPORT_SYMBOL(tegra_chip_uid);
61 63
62int tegra_sku_id(void) 64int tegra_sku_id(void)
63{ 65{
diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile
index 2b0b9631474b..e191ac048b59 100644
--- a/arch/x86/crypto/Makefile
+++ b/arch/x86/crypto/Makefile
@@ -8,6 +8,7 @@ obj-$(CONFIG_CRYPTO_SALSA20_586) += salsa20-i586.o
8obj-$(CONFIG_CRYPTO_SERPENT_SSE2_586) += serpent-sse2-i586.o 8obj-$(CONFIG_CRYPTO_SERPENT_SSE2_586) += serpent-sse2-i586.o
9 9
10obj-$(CONFIG_CRYPTO_AES_X86_64) += aes-x86_64.o 10obj-$(CONFIG_CRYPTO_AES_X86_64) += aes-x86_64.o
11obj-$(CONFIG_CRYPTO_CAMELLIA_X86_64) += camellia-x86_64.o
11obj-$(CONFIG_CRYPTO_BLOWFISH_X86_64) += blowfish-x86_64.o 12obj-$(CONFIG_CRYPTO_BLOWFISH_X86_64) += blowfish-x86_64.o
12obj-$(CONFIG_CRYPTO_TWOFISH_X86_64) += twofish-x86_64.o 13obj-$(CONFIG_CRYPTO_TWOFISH_X86_64) += twofish-x86_64.o
13obj-$(CONFIG_CRYPTO_TWOFISH_X86_64_3WAY) += twofish-x86_64-3way.o 14obj-$(CONFIG_CRYPTO_TWOFISH_X86_64_3WAY) += twofish-x86_64-3way.o
@@ -25,6 +26,7 @@ salsa20-i586-y := salsa20-i586-asm_32.o salsa20_glue.o
25serpent-sse2-i586-y := serpent-sse2-i586-asm_32.o serpent_sse2_glue.o 26serpent-sse2-i586-y := serpent-sse2-i586-asm_32.o serpent_sse2_glue.o
26 27
27aes-x86_64-y := aes-x86_64-asm_64.o aes_glue.o 28aes-x86_64-y := aes-x86_64-asm_64.o aes_glue.o
29camellia-x86_64-y := camellia-x86_64-asm_64.o camellia_glue.o
28blowfish-x86_64-y := blowfish-x86_64-asm_64.o blowfish_glue.o 30blowfish-x86_64-y := blowfish-x86_64-asm_64.o blowfish_glue.o
29twofish-x86_64-y := twofish-x86_64-asm_64.o twofish_glue.o 31twofish-x86_64-y := twofish-x86_64-asm_64.o twofish_glue.o
30twofish-x86_64-3way-y := twofish-x86_64-asm_64-3way.o twofish_glue_3way.o 32twofish-x86_64-3way-y := twofish-x86_64-asm_64-3way.o twofish_glue_3way.o
diff --git a/arch/x86/crypto/blowfish_glue.c b/arch/x86/crypto/blowfish_glue.c
index b05aa163d55a..7967474de8f7 100644
--- a/arch/x86/crypto/blowfish_glue.c
+++ b/arch/x86/crypto/blowfish_glue.c
@@ -25,6 +25,7 @@
25 * 25 *
26 */ 26 */
27 27
28#include <asm/processor.h>
28#include <crypto/blowfish.h> 29#include <crypto/blowfish.h>
29#include <linux/crypto.h> 30#include <linux/crypto.h>
30#include <linux/init.h> 31#include <linux/init.h>
@@ -76,27 +77,6 @@ static void blowfish_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
76 blowfish_dec_blk(crypto_tfm_ctx(tfm), dst, src); 77 blowfish_dec_blk(crypto_tfm_ctx(tfm), dst, src);
77} 78}
78 79
79static struct crypto_alg bf_alg = {
80 .cra_name = "blowfish",
81 .cra_driver_name = "blowfish-asm",
82 .cra_priority = 200,
83 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
84 .cra_blocksize = BF_BLOCK_SIZE,
85 .cra_ctxsize = sizeof(struct bf_ctx),
86 .cra_alignmask = 3,
87 .cra_module = THIS_MODULE,
88 .cra_list = LIST_HEAD_INIT(bf_alg.cra_list),
89 .cra_u = {
90 .cipher = {
91 .cia_min_keysize = BF_MIN_KEY_SIZE,
92 .cia_max_keysize = BF_MAX_KEY_SIZE,
93 .cia_setkey = blowfish_setkey,
94 .cia_encrypt = blowfish_encrypt,
95 .cia_decrypt = blowfish_decrypt,
96 }
97 }
98};
99
100static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk, 80static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk,
101 void (*fn)(struct bf_ctx *, u8 *, const u8 *), 81 void (*fn)(struct bf_ctx *, u8 *, const u8 *),
102 void (*fn_4way)(struct bf_ctx *, u8 *, const u8 *)) 82 void (*fn_4way)(struct bf_ctx *, u8 *, const u8 *))
@@ -160,28 +140,6 @@ static int ecb_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
160 return ecb_crypt(desc, &walk, blowfish_dec_blk, blowfish_dec_blk_4way); 140 return ecb_crypt(desc, &walk, blowfish_dec_blk, blowfish_dec_blk_4way);
161} 141}
162 142
163static struct crypto_alg blk_ecb_alg = {
164 .cra_name = "ecb(blowfish)",
165 .cra_driver_name = "ecb-blowfish-asm",
166 .cra_priority = 300,
167 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
168 .cra_blocksize = BF_BLOCK_SIZE,
169 .cra_ctxsize = sizeof(struct bf_ctx),
170 .cra_alignmask = 0,
171 .cra_type = &crypto_blkcipher_type,
172 .cra_module = THIS_MODULE,
173 .cra_list = LIST_HEAD_INIT(blk_ecb_alg.cra_list),
174 .cra_u = {
175 .blkcipher = {
176 .min_keysize = BF_MIN_KEY_SIZE,
177 .max_keysize = BF_MAX_KEY_SIZE,
178 .setkey = blowfish_setkey,
179 .encrypt = ecb_encrypt,
180 .decrypt = ecb_decrypt,
181 },
182 },
183};
184
185static unsigned int __cbc_encrypt(struct blkcipher_desc *desc, 143static unsigned int __cbc_encrypt(struct blkcipher_desc *desc,
186 struct blkcipher_walk *walk) 144 struct blkcipher_walk *walk)
187{ 145{
@@ -307,29 +265,6 @@ static int cbc_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
307 return err; 265 return err;
308} 266}
309 267
310static struct crypto_alg blk_cbc_alg = {
311 .cra_name = "cbc(blowfish)",
312 .cra_driver_name = "cbc-blowfish-asm",
313 .cra_priority = 300,
314 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
315 .cra_blocksize = BF_BLOCK_SIZE,
316 .cra_ctxsize = sizeof(struct bf_ctx),
317 .cra_alignmask = 0,
318 .cra_type = &crypto_blkcipher_type,
319 .cra_module = THIS_MODULE,
320 .cra_list = LIST_HEAD_INIT(blk_cbc_alg.cra_list),
321 .cra_u = {
322 .blkcipher = {
323 .min_keysize = BF_MIN_KEY_SIZE,
324 .max_keysize = BF_MAX_KEY_SIZE,
325 .ivsize = BF_BLOCK_SIZE,
326 .setkey = blowfish_setkey,
327 .encrypt = cbc_encrypt,
328 .decrypt = cbc_decrypt,
329 },
330 },
331};
332
333static void ctr_crypt_final(struct bf_ctx *ctx, struct blkcipher_walk *walk) 268static void ctr_crypt_final(struct bf_ctx *ctx, struct blkcipher_walk *walk)
334{ 269{
335 u8 *ctrblk = walk->iv; 270 u8 *ctrblk = walk->iv;
@@ -423,7 +358,67 @@ static int ctr_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
423 return err; 358 return err;
424} 359}
425 360
426static struct crypto_alg blk_ctr_alg = { 361static struct crypto_alg bf_algs[4] = { {
362 .cra_name = "blowfish",
363 .cra_driver_name = "blowfish-asm",
364 .cra_priority = 200,
365 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
366 .cra_blocksize = BF_BLOCK_SIZE,
367 .cra_ctxsize = sizeof(struct bf_ctx),
368 .cra_alignmask = 0,
369 .cra_module = THIS_MODULE,
370 .cra_list = LIST_HEAD_INIT(bf_algs[0].cra_list),
371 .cra_u = {
372 .cipher = {
373 .cia_min_keysize = BF_MIN_KEY_SIZE,
374 .cia_max_keysize = BF_MAX_KEY_SIZE,
375 .cia_setkey = blowfish_setkey,
376 .cia_encrypt = blowfish_encrypt,
377 .cia_decrypt = blowfish_decrypt,
378 }
379 }
380}, {
381 .cra_name = "ecb(blowfish)",
382 .cra_driver_name = "ecb-blowfish-asm",
383 .cra_priority = 300,
384 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
385 .cra_blocksize = BF_BLOCK_SIZE,
386 .cra_ctxsize = sizeof(struct bf_ctx),
387 .cra_alignmask = 0,
388 .cra_type = &crypto_blkcipher_type,
389 .cra_module = THIS_MODULE,
390 .cra_list = LIST_HEAD_INIT(bf_algs[1].cra_list),
391 .cra_u = {
392 .blkcipher = {
393 .min_keysize = BF_MIN_KEY_SIZE,
394 .max_keysize = BF_MAX_KEY_SIZE,
395 .setkey = blowfish_setkey,
396 .encrypt = ecb_encrypt,
397 .decrypt = ecb_decrypt,
398 },
399 },
400}, {
401 .cra_name = "cbc(blowfish)",
402 .cra_driver_name = "cbc-blowfish-asm",
403 .cra_priority = 300,
404 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
405 .cra_blocksize = BF_BLOCK_SIZE,
406 .cra_ctxsize = sizeof(struct bf_ctx),
407 .cra_alignmask = 0,
408 .cra_type = &crypto_blkcipher_type,
409 .cra_module = THIS_MODULE,
410 .cra_list = LIST_HEAD_INIT(bf_algs[2].cra_list),
411 .cra_u = {
412 .blkcipher = {
413 .min_keysize = BF_MIN_KEY_SIZE,
414 .max_keysize = BF_MAX_KEY_SIZE,
415 .ivsize = BF_BLOCK_SIZE,
416 .setkey = blowfish_setkey,
417 .encrypt = cbc_encrypt,
418 .decrypt = cbc_decrypt,
419 },
420 },
421}, {
427 .cra_name = "ctr(blowfish)", 422 .cra_name = "ctr(blowfish)",
428 .cra_driver_name = "ctr-blowfish-asm", 423 .cra_driver_name = "ctr-blowfish-asm",
429 .cra_priority = 300, 424 .cra_priority = 300,
@@ -433,7 +428,7 @@ static struct crypto_alg blk_ctr_alg = {
433 .cra_alignmask = 0, 428 .cra_alignmask = 0,
434 .cra_type = &crypto_blkcipher_type, 429 .cra_type = &crypto_blkcipher_type,
435 .cra_module = THIS_MODULE, 430 .cra_module = THIS_MODULE,
436 .cra_list = LIST_HEAD_INIT(blk_ctr_alg.cra_list), 431 .cra_list = LIST_HEAD_INIT(bf_algs[3].cra_list),
437 .cra_u = { 432 .cra_u = {
438 .blkcipher = { 433 .blkcipher = {
439 .min_keysize = BF_MIN_KEY_SIZE, 434 .min_keysize = BF_MIN_KEY_SIZE,
@@ -444,43 +439,45 @@ static struct crypto_alg blk_ctr_alg = {
444 .decrypt = ctr_crypt, 439 .decrypt = ctr_crypt,
445 }, 440 },
446 }, 441 },
447}; 442} };
443
444static bool is_blacklisted_cpu(void)
445{
446 if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
447 return false;
448
449 if (boot_cpu_data.x86 == 0x0f) {
450 /*
451 * On Pentium 4, blowfish-x86_64 is slower than generic C
452 * implementation because use of 64bit rotates (which are really
453 * slow on P4). Therefore blacklist P4s.
454 */
455 return true;
456 }
457
458 return false;
459}
460
461static int force;
462module_param(force, int, 0);
463MODULE_PARM_DESC(force, "Force module load, ignore CPU blacklist");
448 464
449static int __init init(void) 465static int __init init(void)
450{ 466{
451 int err; 467 if (!force && is_blacklisted_cpu()) {
468 printk(KERN_INFO
469 "blowfish-x86_64: performance on this CPU "
470 "would be suboptimal: disabling "
471 "blowfish-x86_64.\n");
472 return -ENODEV;
473 }
452 474
453 err = crypto_register_alg(&bf_alg); 475 return crypto_register_algs(bf_algs, ARRAY_SIZE(bf_algs));
454 if (err)
455 goto bf_err;
456 err = crypto_register_alg(&blk_ecb_alg);
457 if (err)
458 goto ecb_err;
459 err = crypto_register_alg(&blk_cbc_alg);
460 if (err)
461 goto cbc_err;
462 err = crypto_register_alg(&blk_ctr_alg);
463 if (err)
464 goto ctr_err;
465
466 return 0;
467
468ctr_err:
469 crypto_unregister_alg(&blk_cbc_alg);
470cbc_err:
471 crypto_unregister_alg(&blk_ecb_alg);
472ecb_err:
473 crypto_unregister_alg(&bf_alg);
474bf_err:
475 return err;
476} 476}
477 477
478static void __exit fini(void) 478static void __exit fini(void)
479{ 479{
480 crypto_unregister_alg(&blk_ctr_alg); 480 crypto_unregister_algs(bf_algs, ARRAY_SIZE(bf_algs));
481 crypto_unregister_alg(&blk_cbc_alg);
482 crypto_unregister_alg(&blk_ecb_alg);
483 crypto_unregister_alg(&bf_alg);
484} 481}
485 482
486module_init(init); 483module_init(init);
diff --git a/arch/x86/crypto/camellia-x86_64-asm_64.S b/arch/x86/crypto/camellia-x86_64-asm_64.S
new file mode 100644
index 000000000000..0b3374335fdc
--- /dev/null
+++ b/arch/x86/crypto/camellia-x86_64-asm_64.S
@@ -0,0 +1,520 @@
1/*
2 * Camellia Cipher Algorithm (x86_64)
3 *
4 * Copyright (C) 2012 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
19 * USA
20 *
21 */
22
23.file "camellia-x86_64-asm_64.S"
24.text
25
26.extern camellia_sp10011110;
27.extern camellia_sp22000222;
28.extern camellia_sp03303033;
29.extern camellia_sp00444404;
30.extern camellia_sp02220222;
31.extern camellia_sp30333033;
32.extern camellia_sp44044404;
33.extern camellia_sp11101110;
34
35#define sp10011110 camellia_sp10011110
36#define sp22000222 camellia_sp22000222
37#define sp03303033 camellia_sp03303033
38#define sp00444404 camellia_sp00444404
39#define sp02220222 camellia_sp02220222
40#define sp30333033 camellia_sp30333033
41#define sp44044404 camellia_sp44044404
42#define sp11101110 camellia_sp11101110
43
44#define CAMELLIA_TABLE_BYTE_LEN 272
45
46/* struct camellia_ctx: */
47#define key_table 0
48#define key_length CAMELLIA_TABLE_BYTE_LEN
49
50/* register macros */
51#define CTX %rdi
52#define RIO %rsi
53#define RIOd %esi
54
55#define RAB0 %rax
56#define RCD0 %rcx
57#define RAB1 %rbx
58#define RCD1 %rdx
59
60#define RAB0d %eax
61#define RCD0d %ecx
62#define RAB1d %ebx
63#define RCD1d %edx
64
65#define RAB0bl %al
66#define RCD0bl %cl
67#define RAB1bl %bl
68#define RCD1bl %dl
69
70#define RAB0bh %ah
71#define RCD0bh %ch
72#define RAB1bh %bh
73#define RCD1bh %dh
74
75#define RT0 %rsi
76#define RT1 %rbp
77#define RT2 %r8
78
79#define RT0d %esi
80#define RT1d %ebp
81#define RT2d %r8d
82
83#define RT2bl %r8b
84
85#define RXOR %r9
86#define RRBP %r10
87#define RDST %r11
88
89#define RXORd %r9d
90#define RXORbl %r9b
91
92#define xor2ror16(T0, T1, tmp1, tmp2, ab, dst) \
93 movzbl ab ## bl, tmp2 ## d; \
94 movzbl ab ## bh, tmp1 ## d; \
95 rorq $16, ab; \
96 xorq T0(, tmp2, 8), dst; \
97 xorq T1(, tmp1, 8), dst;
98
99/**********************************************************************
100 1-way camellia
101 **********************************************************************/
102#define roundsm(ab, subkey, cd) \
103 movq (key_table + ((subkey) * 2) * 4)(CTX), RT2; \
104 \
105 xor2ror16(sp00444404, sp03303033, RT0, RT1, ab ## 0, cd ## 0); \
106 xor2ror16(sp22000222, sp10011110, RT0, RT1, ab ## 0, RT2); \
107 xor2ror16(sp11101110, sp44044404, RT0, RT1, ab ## 0, cd ## 0); \
108 xor2ror16(sp30333033, sp02220222, RT0, RT1, ab ## 0, RT2); \
109 \
110 xorq RT2, cd ## 0;
111
112#define fls(l, r, kl, kr) \
113 movl (key_table + ((kl) * 2) * 4)(CTX), RT0d; \
114 andl l ## 0d, RT0d; \
115 roll $1, RT0d; \
116 shlq $32, RT0; \
117 xorq RT0, l ## 0; \
118 movq (key_table + ((kr) * 2) * 4)(CTX), RT1; \
119 orq r ## 0, RT1; \
120 shrq $32, RT1; \
121 xorq RT1, r ## 0; \
122 \
123 movq (key_table + ((kl) * 2) * 4)(CTX), RT2; \
124 orq l ## 0, RT2; \
125 shrq $32, RT2; \
126 xorq RT2, l ## 0; \
127 movl (key_table + ((kr) * 2) * 4)(CTX), RT0d; \
128 andl r ## 0d, RT0d; \
129 roll $1, RT0d; \
130 shlq $32, RT0; \
131 xorq RT0, r ## 0;
132
133#define enc_rounds(i) \
134 roundsm(RAB, i + 2, RCD); \
135 roundsm(RCD, i + 3, RAB); \
136 roundsm(RAB, i + 4, RCD); \
137 roundsm(RCD, i + 5, RAB); \
138 roundsm(RAB, i + 6, RCD); \
139 roundsm(RCD, i + 7, RAB);
140
141#define enc_fls(i) \
142 fls(RAB, RCD, i + 0, i + 1);
143
144#define enc_inpack() \
145 movq (RIO), RAB0; \
146 bswapq RAB0; \
147 rolq $32, RAB0; \
148 movq 4*2(RIO), RCD0; \
149 bswapq RCD0; \
150 rorq $32, RCD0; \
151 xorq key_table(CTX), RAB0;
152
153#define enc_outunpack(op, max) \
154 xorq key_table(CTX, max, 8), RCD0; \
155 rorq $32, RCD0; \
156 bswapq RCD0; \
157 op ## q RCD0, (RIO); \
158 rolq $32, RAB0; \
159 bswapq RAB0; \
160 op ## q RAB0, 4*2(RIO);
161
162#define dec_rounds(i) \
163 roundsm(RAB, i + 7, RCD); \
164 roundsm(RCD, i + 6, RAB); \
165 roundsm(RAB, i + 5, RCD); \
166 roundsm(RCD, i + 4, RAB); \
167 roundsm(RAB, i + 3, RCD); \
168 roundsm(RCD, i + 2, RAB);
169
170#define dec_fls(i) \
171 fls(RAB, RCD, i + 1, i + 0);
172
173#define dec_inpack(max) \
174 movq (RIO), RAB0; \
175 bswapq RAB0; \
176 rolq $32, RAB0; \
177 movq 4*2(RIO), RCD0; \
178 bswapq RCD0; \
179 rorq $32, RCD0; \
180 xorq key_table(CTX, max, 8), RAB0;
181
182#define dec_outunpack() \
183 xorq key_table(CTX), RCD0; \
184 rorq $32, RCD0; \
185 bswapq RCD0; \
186 movq RCD0, (RIO); \
187 rolq $32, RAB0; \
188 bswapq RAB0; \
189 movq RAB0, 4*2(RIO);
190
191.global __camellia_enc_blk;
192.type __camellia_enc_blk,@function;
193
194__camellia_enc_blk:
195 /* input:
196 * %rdi: ctx, CTX
197 * %rsi: dst
198 * %rdx: src
199 * %rcx: bool xor
200 */
201 movq %rbp, RRBP;
202
203 movq %rcx, RXOR;
204 movq %rsi, RDST;
205 movq %rdx, RIO;
206
207 enc_inpack();
208
209 enc_rounds(0);
210 enc_fls(8);
211 enc_rounds(8);
212 enc_fls(16);
213 enc_rounds(16);
214 movl $24, RT1d; /* max */
215
216 cmpb $16, key_length(CTX);
217 je __enc_done;
218
219 enc_fls(24);
220 enc_rounds(24);
221 movl $32, RT1d; /* max */
222
223__enc_done:
224 testb RXORbl, RXORbl;
225 movq RDST, RIO;
226
227 jnz __enc_xor;
228
229 enc_outunpack(mov, RT1);
230
231 movq RRBP, %rbp;
232 ret;
233
234__enc_xor:
235 enc_outunpack(xor, RT1);
236
237 movq RRBP, %rbp;
238 ret;
239
240.global camellia_dec_blk;
241.type camellia_dec_blk,@function;
242
243camellia_dec_blk:
244 /* input:
245 * %rdi: ctx, CTX
246 * %rsi: dst
247 * %rdx: src
248 */
249 cmpl $16, key_length(CTX);
250 movl $32, RT2d;
251 movl $24, RXORd;
252 cmovel RXORd, RT2d; /* max */
253
254 movq %rbp, RRBP;
255 movq %rsi, RDST;
256 movq %rdx, RIO;
257
258 dec_inpack(RT2);
259
260 cmpb $24, RT2bl;
261 je __dec_rounds16;
262
263 dec_rounds(24);
264 dec_fls(24);
265
266__dec_rounds16:
267 dec_rounds(16);
268 dec_fls(16);
269 dec_rounds(8);
270 dec_fls(8);
271 dec_rounds(0);
272
273 movq RDST, RIO;
274
275 dec_outunpack();
276
277 movq RRBP, %rbp;
278 ret;
279
280/**********************************************************************
281 2-way camellia
282 **********************************************************************/
283#define roundsm2(ab, subkey, cd) \
284 movq (key_table + ((subkey) * 2) * 4)(CTX), RT2; \
285 xorq RT2, cd ## 1; \
286 \
287 xor2ror16(sp00444404, sp03303033, RT0, RT1, ab ## 0, cd ## 0); \
288 xor2ror16(sp22000222, sp10011110, RT0, RT1, ab ## 0, RT2); \
289 xor2ror16(sp11101110, sp44044404, RT0, RT1, ab ## 0, cd ## 0); \
290 xor2ror16(sp30333033, sp02220222, RT0, RT1, ab ## 0, RT2); \
291 \
292 xor2ror16(sp00444404, sp03303033, RT0, RT1, ab ## 1, cd ## 1); \
293 xorq RT2, cd ## 0; \
294 xor2ror16(sp22000222, sp10011110, RT0, RT1, ab ## 1, cd ## 1); \
295 xor2ror16(sp11101110, sp44044404, RT0, RT1, ab ## 1, cd ## 1); \
296 xor2ror16(sp30333033, sp02220222, RT0, RT1, ab ## 1, cd ## 1);
297
298#define fls2(l, r, kl, kr) \
299 movl (key_table + ((kl) * 2) * 4)(CTX), RT0d; \
300 andl l ## 0d, RT0d; \
301 roll $1, RT0d; \
302 shlq $32, RT0; \
303 xorq RT0, l ## 0; \
304 movq (key_table + ((kr) * 2) * 4)(CTX), RT1; \
305 orq r ## 0, RT1; \
306 shrq $32, RT1; \
307 xorq RT1, r ## 0; \
308 \
309 movl (key_table + ((kl) * 2) * 4)(CTX), RT2d; \
310 andl l ## 1d, RT2d; \
311 roll $1, RT2d; \
312 shlq $32, RT2; \
313 xorq RT2, l ## 1; \
314 movq (key_table + ((kr) * 2) * 4)(CTX), RT0; \
315 orq r ## 1, RT0; \
316 shrq $32, RT0; \
317 xorq RT0, r ## 1; \
318 \
319 movq (key_table + ((kl) * 2) * 4)(CTX), RT1; \
320 orq l ## 0, RT1; \
321 shrq $32, RT1; \
322 xorq RT1, l ## 0; \
323 movl (key_table + ((kr) * 2) * 4)(CTX), RT2d; \
324 andl r ## 0d, RT2d; \
325 roll $1, RT2d; \
326 shlq $32, RT2; \
327 xorq RT2, r ## 0; \
328 \
329 movq (key_table + ((kl) * 2) * 4)(CTX), RT0; \
330 orq l ## 1, RT0; \
331 shrq $32, RT0; \
332 xorq RT0, l ## 1; \
333 movl (key_table + ((kr) * 2) * 4)(CTX), RT1d; \
334 andl r ## 1d, RT1d; \
335 roll $1, RT1d; \
336 shlq $32, RT1; \
337 xorq RT1, r ## 1;
338
339#define enc_rounds2(i) \
340 roundsm2(RAB, i + 2, RCD); \
341 roundsm2(RCD, i + 3, RAB); \
342 roundsm2(RAB, i + 4, RCD); \
343 roundsm2(RCD, i + 5, RAB); \
344 roundsm2(RAB, i + 6, RCD); \
345 roundsm2(RCD, i + 7, RAB);
346
347#define enc_fls2(i) \
348 fls2(RAB, RCD, i + 0, i + 1);
349
350#define enc_inpack2() \
351 movq (RIO), RAB0; \
352 bswapq RAB0; \
353 rorq $32, RAB0; \
354 movq 4*2(RIO), RCD0; \
355 bswapq RCD0; \
356 rolq $32, RCD0; \
357 xorq key_table(CTX), RAB0; \
358 \
359 movq 8*2(RIO), RAB1; \
360 bswapq RAB1; \
361 rorq $32, RAB1; \
362 movq 12*2(RIO), RCD1; \
363 bswapq RCD1; \
364 rolq $32, RCD1; \
365 xorq key_table(CTX), RAB1;
366
367#define enc_outunpack2(op, max) \
368 xorq key_table(CTX, max, 8), RCD0; \
369 rolq $32, RCD0; \
370 bswapq RCD0; \
371 op ## q RCD0, (RIO); \
372 rorq $32, RAB0; \
373 bswapq RAB0; \
374 op ## q RAB0, 4*2(RIO); \
375 \
376 xorq key_table(CTX, max, 8), RCD1; \
377 rolq $32, RCD1; \
378 bswapq RCD1; \
379 op ## q RCD1, 8*2(RIO); \
380 rorq $32, RAB1; \
381 bswapq RAB1; \
382 op ## q RAB1, 12*2(RIO);
383
384#define dec_rounds2(i) \
385 roundsm2(RAB, i + 7, RCD); \
386 roundsm2(RCD, i + 6, RAB); \
387 roundsm2(RAB, i + 5, RCD); \
388 roundsm2(RCD, i + 4, RAB); \
389 roundsm2(RAB, i + 3, RCD); \
390 roundsm2(RCD, i + 2, RAB);
391
392#define dec_fls2(i) \
393 fls2(RAB, RCD, i + 1, i + 0);
394
395#define dec_inpack2(max) \
396 movq (RIO), RAB0; \
397 bswapq RAB0; \
398 rorq $32, RAB0; \
399 movq 4*2(RIO), RCD0; \
400 bswapq RCD0; \
401 rolq $32, RCD0; \
402 xorq key_table(CTX, max, 8), RAB0; \
403 \
404 movq 8*2(RIO), RAB1; \
405 bswapq RAB1; \
406 rorq $32, RAB1; \
407 movq 12*2(RIO), RCD1; \
408 bswapq RCD1; \
409 rolq $32, RCD1; \
410 xorq key_table(CTX, max, 8), RAB1;
411
412#define dec_outunpack2() \
413 xorq key_table(CTX), RCD0; \
414 rolq $32, RCD0; \
415 bswapq RCD0; \
416 movq RCD0, (RIO); \
417 rorq $32, RAB0; \
418 bswapq RAB0; \
419 movq RAB0, 4*2(RIO); \
420 \
421 xorq key_table(CTX), RCD1; \
422 rolq $32, RCD1; \
423 bswapq RCD1; \
424 movq RCD1, 8*2(RIO); \
425 rorq $32, RAB1; \
426 bswapq RAB1; \
427 movq RAB1, 12*2(RIO);
428
429.global __camellia_enc_blk_2way;
430.type __camellia_enc_blk_2way,@function;
431
432__camellia_enc_blk_2way:
433 /* input:
434 * %rdi: ctx, CTX
435 * %rsi: dst
436 * %rdx: src
437 * %rcx: bool xor
438 */
439 pushq %rbx;
440
441 movq %rbp, RRBP;
442 movq %rcx, RXOR;
443 movq %rsi, RDST;
444 movq %rdx, RIO;
445
446 enc_inpack2();
447
448 enc_rounds2(0);
449 enc_fls2(8);
450 enc_rounds2(8);
451 enc_fls2(16);
452 enc_rounds2(16);
453 movl $24, RT2d; /* max */
454
455 cmpb $16, key_length(CTX);
456 je __enc2_done;
457
458 enc_fls2(24);
459 enc_rounds2(24);
460 movl $32, RT2d; /* max */
461
462__enc2_done:
463 test RXORbl, RXORbl;
464 movq RDST, RIO;
465 jnz __enc2_xor;
466
467 enc_outunpack2(mov, RT2);
468
469 movq RRBP, %rbp;
470 popq %rbx;
471 ret;
472
473__enc2_xor:
474 enc_outunpack2(xor, RT2);
475
476 movq RRBP, %rbp;
477 popq %rbx;
478 ret;
479
480.global camellia_dec_blk_2way;
481.type camellia_dec_blk_2way,@function;
482
483camellia_dec_blk_2way:
484 /* input:
485 * %rdi: ctx, CTX
486 * %rsi: dst
487 * %rdx: src
488 */
489 cmpl $16, key_length(CTX);
490 movl $32, RT2d;
491 movl $24, RXORd;
492 cmovel RXORd, RT2d; /* max */
493
494 movq %rbx, RXOR;
495 movq %rbp, RRBP;
496 movq %rsi, RDST;
497 movq %rdx, RIO;
498
499 dec_inpack2(RT2);
500
501 cmpb $24, RT2bl;
502 je __dec2_rounds16;
503
504 dec_rounds2(24);
505 dec_fls2(24);
506
507__dec2_rounds16:
508 dec_rounds2(16);
509 dec_fls2(16);
510 dec_rounds2(8);
511 dec_fls2(8);
512 dec_rounds2(0);
513
514 movq RDST, RIO;
515
516 dec_outunpack2();
517
518 movq RRBP, %rbp;
519 movq RXOR, %rbx;
520 ret;
diff --git a/arch/x86/crypto/camellia_glue.c b/arch/x86/crypto/camellia_glue.c
new file mode 100644
index 000000000000..1ca36a93fd2f
--- /dev/null
+++ b/arch/x86/crypto/camellia_glue.c
@@ -0,0 +1,1952 @@
1/*
2 * Glue Code for assembler optimized version of Camellia
3 *
4 * Copyright (c) 2012 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
5 *
6 * Camellia parts based on code by:
7 * Copyright (C) 2006 NTT (Nippon Telegraph and Telephone Corporation)
8 * CBC & ECB parts based on code (crypto/cbc.c,ecb.c) by:
9 * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
10 * CTR part based on code (crypto/ctr.c) by:
11 * (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com>
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
26 * USA
27 *
28 */
29
30#include <asm/processor.h>
31#include <asm/unaligned.h>
32#include <linux/crypto.h>
33#include <linux/init.h>
34#include <linux/module.h>
35#include <linux/types.h>
36#include <crypto/algapi.h>
37#include <crypto/b128ops.h>
38#include <crypto/lrw.h>
39#include <crypto/xts.h>
40
41#define CAMELLIA_MIN_KEY_SIZE 16
42#define CAMELLIA_MAX_KEY_SIZE 32
43#define CAMELLIA_BLOCK_SIZE 16
44#define CAMELLIA_TABLE_BYTE_LEN 272
45
46struct camellia_ctx {
47 u64 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u64)];
48 u32 key_length;
49};
50
51/* regular block cipher functions */
52asmlinkage void __camellia_enc_blk(struct camellia_ctx *ctx, u8 *dst,
53 const u8 *src, bool xor);
54asmlinkage void camellia_dec_blk(struct camellia_ctx *ctx, u8 *dst,
55 const u8 *src);
56
57/* 2-way parallel cipher functions */
58asmlinkage void __camellia_enc_blk_2way(struct camellia_ctx *ctx, u8 *dst,
59 const u8 *src, bool xor);
60asmlinkage void camellia_dec_blk_2way(struct camellia_ctx *ctx, u8 *dst,
61 const u8 *src);
62
63static inline void camellia_enc_blk(struct camellia_ctx *ctx, u8 *dst,
64 const u8 *src)
65{
66 __camellia_enc_blk(ctx, dst, src, false);
67}
68
69static inline void camellia_enc_blk_xor(struct camellia_ctx *ctx, u8 *dst,
70 const u8 *src)
71{
72 __camellia_enc_blk(ctx, dst, src, true);
73}
74
75static inline void camellia_enc_blk_2way(struct camellia_ctx *ctx, u8 *dst,
76 const u8 *src)
77{
78 __camellia_enc_blk_2way(ctx, dst, src, false);
79}
80
81static inline void camellia_enc_blk_xor_2way(struct camellia_ctx *ctx, u8 *dst,
82 const u8 *src)
83{
84 __camellia_enc_blk_2way(ctx, dst, src, true);
85}
86
87static void camellia_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
88{
89 camellia_enc_blk(crypto_tfm_ctx(tfm), dst, src);
90}
91
92static void camellia_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
93{
94 camellia_dec_blk(crypto_tfm_ctx(tfm), dst, src);
95}
96
97/* camellia sboxes */
98const u64 camellia_sp10011110[256] = {
99 0x7000007070707000, 0x8200008282828200, 0x2c00002c2c2c2c00,
100 0xec0000ecececec00, 0xb30000b3b3b3b300, 0x2700002727272700,
101 0xc00000c0c0c0c000, 0xe50000e5e5e5e500, 0xe40000e4e4e4e400,
102 0x8500008585858500, 0x5700005757575700, 0x3500003535353500,
103 0xea0000eaeaeaea00, 0x0c00000c0c0c0c00, 0xae0000aeaeaeae00,
104 0x4100004141414100, 0x2300002323232300, 0xef0000efefefef00,
105 0x6b00006b6b6b6b00, 0x9300009393939300, 0x4500004545454500,
106 0x1900001919191900, 0xa50000a5a5a5a500, 0x2100002121212100,
107 0xed0000edededed00, 0x0e00000e0e0e0e00, 0x4f00004f4f4f4f00,
108 0x4e00004e4e4e4e00, 0x1d00001d1d1d1d00, 0x6500006565656500,
109 0x9200009292929200, 0xbd0000bdbdbdbd00, 0x8600008686868600,
110 0xb80000b8b8b8b800, 0xaf0000afafafaf00, 0x8f00008f8f8f8f00,
111 0x7c00007c7c7c7c00, 0xeb0000ebebebeb00, 0x1f00001f1f1f1f00,
112 0xce0000cececece00, 0x3e00003e3e3e3e00, 0x3000003030303000,
113 0xdc0000dcdcdcdc00, 0x5f00005f5f5f5f00, 0x5e00005e5e5e5e00,
114 0xc50000c5c5c5c500, 0x0b00000b0b0b0b00, 0x1a00001a1a1a1a00,
115 0xa60000a6a6a6a600, 0xe10000e1e1e1e100, 0x3900003939393900,
116 0xca0000cacacaca00, 0xd50000d5d5d5d500, 0x4700004747474700,
117 0x5d00005d5d5d5d00, 0x3d00003d3d3d3d00, 0xd90000d9d9d9d900,
118 0x0100000101010100, 0x5a00005a5a5a5a00, 0xd60000d6d6d6d600,
119 0x5100005151515100, 0x5600005656565600, 0x6c00006c6c6c6c00,
120 0x4d00004d4d4d4d00, 0x8b00008b8b8b8b00, 0x0d00000d0d0d0d00,
121 0x9a00009a9a9a9a00, 0x6600006666666600, 0xfb0000fbfbfbfb00,
122 0xcc0000cccccccc00, 0xb00000b0b0b0b000, 0x2d00002d2d2d2d00,
123 0x7400007474747400, 0x1200001212121200, 0x2b00002b2b2b2b00,
124 0x2000002020202000, 0xf00000f0f0f0f000, 0xb10000b1b1b1b100,
125 0x8400008484848400, 0x9900009999999900, 0xdf0000dfdfdfdf00,
126 0x4c00004c4c4c4c00, 0xcb0000cbcbcbcb00, 0xc20000c2c2c2c200,
127 0x3400003434343400, 0x7e00007e7e7e7e00, 0x7600007676767600,
128 0x0500000505050500, 0x6d00006d6d6d6d00, 0xb70000b7b7b7b700,
129 0xa90000a9a9a9a900, 0x3100003131313100, 0xd10000d1d1d1d100,
130 0x1700001717171700, 0x0400000404040400, 0xd70000d7d7d7d700,
131 0x1400001414141400, 0x5800005858585800, 0x3a00003a3a3a3a00,
132 0x6100006161616100, 0xde0000dededede00, 0x1b00001b1b1b1b00,
133 0x1100001111111100, 0x1c00001c1c1c1c00, 0x3200003232323200,
134 0x0f00000f0f0f0f00, 0x9c00009c9c9c9c00, 0x1600001616161600,
135 0x5300005353535300, 0x1800001818181800, 0xf20000f2f2f2f200,
136 0x2200002222222200, 0xfe0000fefefefe00, 0x4400004444444400,
137 0xcf0000cfcfcfcf00, 0xb20000b2b2b2b200, 0xc30000c3c3c3c300,
138 0xb50000b5b5b5b500, 0x7a00007a7a7a7a00, 0x9100009191919100,
139 0x2400002424242400, 0x0800000808080800, 0xe80000e8e8e8e800,
140 0xa80000a8a8a8a800, 0x6000006060606000, 0xfc0000fcfcfcfc00,
141 0x6900006969696900, 0x5000005050505000, 0xaa0000aaaaaaaa00,
142 0xd00000d0d0d0d000, 0xa00000a0a0a0a000, 0x7d00007d7d7d7d00,
143 0xa10000a1a1a1a100, 0x8900008989898900, 0x6200006262626200,
144 0x9700009797979700, 0x5400005454545400, 0x5b00005b5b5b5b00,
145 0x1e00001e1e1e1e00, 0x9500009595959500, 0xe00000e0e0e0e000,
146 0xff0000ffffffff00, 0x6400006464646400, 0xd20000d2d2d2d200,
147 0x1000001010101000, 0xc40000c4c4c4c400, 0x0000000000000000,
148 0x4800004848484800, 0xa30000a3a3a3a300, 0xf70000f7f7f7f700,
149 0x7500007575757500, 0xdb0000dbdbdbdb00, 0x8a00008a8a8a8a00,
150 0x0300000303030300, 0xe60000e6e6e6e600, 0xda0000dadadada00,
151 0x0900000909090900, 0x3f00003f3f3f3f00, 0xdd0000dddddddd00,
152 0x9400009494949400, 0x8700008787878700, 0x5c00005c5c5c5c00,
153 0x8300008383838300, 0x0200000202020200, 0xcd0000cdcdcdcd00,
154 0x4a00004a4a4a4a00, 0x9000009090909000, 0x3300003333333300,
155 0x7300007373737300, 0x6700006767676700, 0xf60000f6f6f6f600,
156 0xf30000f3f3f3f300, 0x9d00009d9d9d9d00, 0x7f00007f7f7f7f00,
157 0xbf0000bfbfbfbf00, 0xe20000e2e2e2e200, 0x5200005252525200,
158 0x9b00009b9b9b9b00, 0xd80000d8d8d8d800, 0x2600002626262600,
159 0xc80000c8c8c8c800, 0x3700003737373700, 0xc60000c6c6c6c600,
160 0x3b00003b3b3b3b00, 0x8100008181818100, 0x9600009696969600,
161 0x6f00006f6f6f6f00, 0x4b00004b4b4b4b00, 0x1300001313131300,
162 0xbe0000bebebebe00, 0x6300006363636300, 0x2e00002e2e2e2e00,
163 0xe90000e9e9e9e900, 0x7900007979797900, 0xa70000a7a7a7a700,
164 0x8c00008c8c8c8c00, 0x9f00009f9f9f9f00, 0x6e00006e6e6e6e00,
165 0xbc0000bcbcbcbc00, 0x8e00008e8e8e8e00, 0x2900002929292900,
166 0xf50000f5f5f5f500, 0xf90000f9f9f9f900, 0xb60000b6b6b6b600,
167 0x2f00002f2f2f2f00, 0xfd0000fdfdfdfd00, 0xb40000b4b4b4b400,
168 0x5900005959595900, 0x7800007878787800, 0x9800009898989800,
169 0x0600000606060600, 0x6a00006a6a6a6a00, 0xe70000e7e7e7e700,
170 0x4600004646464600, 0x7100007171717100, 0xba0000babababa00,
171 0xd40000d4d4d4d400, 0x2500002525252500, 0xab0000abababab00,
172 0x4200004242424200, 0x8800008888888800, 0xa20000a2a2a2a200,
173 0x8d00008d8d8d8d00, 0xfa0000fafafafa00, 0x7200007272727200,
174 0x0700000707070700, 0xb90000b9b9b9b900, 0x5500005555555500,
175 0xf80000f8f8f8f800, 0xee0000eeeeeeee00, 0xac0000acacacac00,
176 0x0a00000a0a0a0a00, 0x3600003636363600, 0x4900004949494900,
177 0x2a00002a2a2a2a00, 0x6800006868686800, 0x3c00003c3c3c3c00,
178 0x3800003838383800, 0xf10000f1f1f1f100, 0xa40000a4a4a4a400,
179 0x4000004040404000, 0x2800002828282800, 0xd30000d3d3d3d300,
180 0x7b00007b7b7b7b00, 0xbb0000bbbbbbbb00, 0xc90000c9c9c9c900,
181 0x4300004343434300, 0xc10000c1c1c1c100, 0x1500001515151500,
182 0xe30000e3e3e3e300, 0xad0000adadadad00, 0xf40000f4f4f4f400,
183 0x7700007777777700, 0xc70000c7c7c7c700, 0x8000008080808000,
184 0x9e00009e9e9e9e00,
185};
186
187const u64 camellia_sp22000222[256] = {
188 0xe0e0000000e0e0e0, 0x0505000000050505, 0x5858000000585858,
189 0xd9d9000000d9d9d9, 0x6767000000676767, 0x4e4e0000004e4e4e,
190 0x8181000000818181, 0xcbcb000000cbcbcb, 0xc9c9000000c9c9c9,
191 0x0b0b0000000b0b0b, 0xaeae000000aeaeae, 0x6a6a0000006a6a6a,
192 0xd5d5000000d5d5d5, 0x1818000000181818, 0x5d5d0000005d5d5d,
193 0x8282000000828282, 0x4646000000464646, 0xdfdf000000dfdfdf,
194 0xd6d6000000d6d6d6, 0x2727000000272727, 0x8a8a0000008a8a8a,
195 0x3232000000323232, 0x4b4b0000004b4b4b, 0x4242000000424242,
196 0xdbdb000000dbdbdb, 0x1c1c0000001c1c1c, 0x9e9e0000009e9e9e,
197 0x9c9c0000009c9c9c, 0x3a3a0000003a3a3a, 0xcaca000000cacaca,
198 0x2525000000252525, 0x7b7b0000007b7b7b, 0x0d0d0000000d0d0d,
199 0x7171000000717171, 0x5f5f0000005f5f5f, 0x1f1f0000001f1f1f,
200 0xf8f8000000f8f8f8, 0xd7d7000000d7d7d7, 0x3e3e0000003e3e3e,
201 0x9d9d0000009d9d9d, 0x7c7c0000007c7c7c, 0x6060000000606060,
202 0xb9b9000000b9b9b9, 0xbebe000000bebebe, 0xbcbc000000bcbcbc,
203 0x8b8b0000008b8b8b, 0x1616000000161616, 0x3434000000343434,
204 0x4d4d0000004d4d4d, 0xc3c3000000c3c3c3, 0x7272000000727272,
205 0x9595000000959595, 0xabab000000ababab, 0x8e8e0000008e8e8e,
206 0xbaba000000bababa, 0x7a7a0000007a7a7a, 0xb3b3000000b3b3b3,
207 0x0202000000020202, 0xb4b4000000b4b4b4, 0xadad000000adadad,
208 0xa2a2000000a2a2a2, 0xacac000000acacac, 0xd8d8000000d8d8d8,
209 0x9a9a0000009a9a9a, 0x1717000000171717, 0x1a1a0000001a1a1a,
210 0x3535000000353535, 0xcccc000000cccccc, 0xf7f7000000f7f7f7,
211 0x9999000000999999, 0x6161000000616161, 0x5a5a0000005a5a5a,
212 0xe8e8000000e8e8e8, 0x2424000000242424, 0x5656000000565656,
213 0x4040000000404040, 0xe1e1000000e1e1e1, 0x6363000000636363,
214 0x0909000000090909, 0x3333000000333333, 0xbfbf000000bfbfbf,
215 0x9898000000989898, 0x9797000000979797, 0x8585000000858585,
216 0x6868000000686868, 0xfcfc000000fcfcfc, 0xecec000000ececec,
217 0x0a0a0000000a0a0a, 0xdada000000dadada, 0x6f6f0000006f6f6f,
218 0x5353000000535353, 0x6262000000626262, 0xa3a3000000a3a3a3,
219 0x2e2e0000002e2e2e, 0x0808000000080808, 0xafaf000000afafaf,
220 0x2828000000282828, 0xb0b0000000b0b0b0, 0x7474000000747474,
221 0xc2c2000000c2c2c2, 0xbdbd000000bdbdbd, 0x3636000000363636,
222 0x2222000000222222, 0x3838000000383838, 0x6464000000646464,
223 0x1e1e0000001e1e1e, 0x3939000000393939, 0x2c2c0000002c2c2c,
224 0xa6a6000000a6a6a6, 0x3030000000303030, 0xe5e5000000e5e5e5,
225 0x4444000000444444, 0xfdfd000000fdfdfd, 0x8888000000888888,
226 0x9f9f0000009f9f9f, 0x6565000000656565, 0x8787000000878787,
227 0x6b6b0000006b6b6b, 0xf4f4000000f4f4f4, 0x2323000000232323,
228 0x4848000000484848, 0x1010000000101010, 0xd1d1000000d1d1d1,
229 0x5151000000515151, 0xc0c0000000c0c0c0, 0xf9f9000000f9f9f9,
230 0xd2d2000000d2d2d2, 0xa0a0000000a0a0a0, 0x5555000000555555,
231 0xa1a1000000a1a1a1, 0x4141000000414141, 0xfafa000000fafafa,
232 0x4343000000434343, 0x1313000000131313, 0xc4c4000000c4c4c4,
233 0x2f2f0000002f2f2f, 0xa8a8000000a8a8a8, 0xb6b6000000b6b6b6,
234 0x3c3c0000003c3c3c, 0x2b2b0000002b2b2b, 0xc1c1000000c1c1c1,
235 0xffff000000ffffff, 0xc8c8000000c8c8c8, 0xa5a5000000a5a5a5,
236 0x2020000000202020, 0x8989000000898989, 0x0000000000000000,
237 0x9090000000909090, 0x4747000000474747, 0xefef000000efefef,
238 0xeaea000000eaeaea, 0xb7b7000000b7b7b7, 0x1515000000151515,
239 0x0606000000060606, 0xcdcd000000cdcdcd, 0xb5b5000000b5b5b5,
240 0x1212000000121212, 0x7e7e0000007e7e7e, 0xbbbb000000bbbbbb,
241 0x2929000000292929, 0x0f0f0000000f0f0f, 0xb8b8000000b8b8b8,
242 0x0707000000070707, 0x0404000000040404, 0x9b9b0000009b9b9b,
243 0x9494000000949494, 0x2121000000212121, 0x6666000000666666,
244 0xe6e6000000e6e6e6, 0xcece000000cecece, 0xeded000000ededed,
245 0xe7e7000000e7e7e7, 0x3b3b0000003b3b3b, 0xfefe000000fefefe,
246 0x7f7f0000007f7f7f, 0xc5c5000000c5c5c5, 0xa4a4000000a4a4a4,
247 0x3737000000373737, 0xb1b1000000b1b1b1, 0x4c4c0000004c4c4c,
248 0x9191000000919191, 0x6e6e0000006e6e6e, 0x8d8d0000008d8d8d,
249 0x7676000000767676, 0x0303000000030303, 0x2d2d0000002d2d2d,
250 0xdede000000dedede, 0x9696000000969696, 0x2626000000262626,
251 0x7d7d0000007d7d7d, 0xc6c6000000c6c6c6, 0x5c5c0000005c5c5c,
252 0xd3d3000000d3d3d3, 0xf2f2000000f2f2f2, 0x4f4f0000004f4f4f,
253 0x1919000000191919, 0x3f3f0000003f3f3f, 0xdcdc000000dcdcdc,
254 0x7979000000797979, 0x1d1d0000001d1d1d, 0x5252000000525252,
255 0xebeb000000ebebeb, 0xf3f3000000f3f3f3, 0x6d6d0000006d6d6d,
256 0x5e5e0000005e5e5e, 0xfbfb000000fbfbfb, 0x6969000000696969,
257 0xb2b2000000b2b2b2, 0xf0f0000000f0f0f0, 0x3131000000313131,
258 0x0c0c0000000c0c0c, 0xd4d4000000d4d4d4, 0xcfcf000000cfcfcf,
259 0x8c8c0000008c8c8c, 0xe2e2000000e2e2e2, 0x7575000000757575,
260 0xa9a9000000a9a9a9, 0x4a4a0000004a4a4a, 0x5757000000575757,
261 0x8484000000848484, 0x1111000000111111, 0x4545000000454545,
262 0x1b1b0000001b1b1b, 0xf5f5000000f5f5f5, 0xe4e4000000e4e4e4,
263 0x0e0e0000000e0e0e, 0x7373000000737373, 0xaaaa000000aaaaaa,
264 0xf1f1000000f1f1f1, 0xdddd000000dddddd, 0x5959000000595959,
265 0x1414000000141414, 0x6c6c0000006c6c6c, 0x9292000000929292,
266 0x5454000000545454, 0xd0d0000000d0d0d0, 0x7878000000787878,
267 0x7070000000707070, 0xe3e3000000e3e3e3, 0x4949000000494949,
268 0x8080000000808080, 0x5050000000505050, 0xa7a7000000a7a7a7,
269 0xf6f6000000f6f6f6, 0x7777000000777777, 0x9393000000939393,
270 0x8686000000868686, 0x8383000000838383, 0x2a2a0000002a2a2a,
271 0xc7c7000000c7c7c7, 0x5b5b0000005b5b5b, 0xe9e9000000e9e9e9,
272 0xeeee000000eeeeee, 0x8f8f0000008f8f8f, 0x0101000000010101,
273 0x3d3d0000003d3d3d,
274};
275
276const u64 camellia_sp03303033[256] = {
277 0x0038380038003838, 0x0041410041004141, 0x0016160016001616,
278 0x0076760076007676, 0x00d9d900d900d9d9, 0x0093930093009393,
279 0x0060600060006060, 0x00f2f200f200f2f2, 0x0072720072007272,
280 0x00c2c200c200c2c2, 0x00abab00ab00abab, 0x009a9a009a009a9a,
281 0x0075750075007575, 0x0006060006000606, 0x0057570057005757,
282 0x00a0a000a000a0a0, 0x0091910091009191, 0x00f7f700f700f7f7,
283 0x00b5b500b500b5b5, 0x00c9c900c900c9c9, 0x00a2a200a200a2a2,
284 0x008c8c008c008c8c, 0x00d2d200d200d2d2, 0x0090900090009090,
285 0x00f6f600f600f6f6, 0x0007070007000707, 0x00a7a700a700a7a7,
286 0x0027270027002727, 0x008e8e008e008e8e, 0x00b2b200b200b2b2,
287 0x0049490049004949, 0x00dede00de00dede, 0x0043430043004343,
288 0x005c5c005c005c5c, 0x00d7d700d700d7d7, 0x00c7c700c700c7c7,
289 0x003e3e003e003e3e, 0x00f5f500f500f5f5, 0x008f8f008f008f8f,
290 0x0067670067006767, 0x001f1f001f001f1f, 0x0018180018001818,
291 0x006e6e006e006e6e, 0x00afaf00af00afaf, 0x002f2f002f002f2f,
292 0x00e2e200e200e2e2, 0x0085850085008585, 0x000d0d000d000d0d,
293 0x0053530053005353, 0x00f0f000f000f0f0, 0x009c9c009c009c9c,
294 0x0065650065006565, 0x00eaea00ea00eaea, 0x00a3a300a300a3a3,
295 0x00aeae00ae00aeae, 0x009e9e009e009e9e, 0x00ecec00ec00ecec,
296 0x0080800080008080, 0x002d2d002d002d2d, 0x006b6b006b006b6b,
297 0x00a8a800a800a8a8, 0x002b2b002b002b2b, 0x0036360036003636,
298 0x00a6a600a600a6a6, 0x00c5c500c500c5c5, 0x0086860086008686,
299 0x004d4d004d004d4d, 0x0033330033003333, 0x00fdfd00fd00fdfd,
300 0x0066660066006666, 0x0058580058005858, 0x0096960096009696,
301 0x003a3a003a003a3a, 0x0009090009000909, 0x0095950095009595,
302 0x0010100010001010, 0x0078780078007878, 0x00d8d800d800d8d8,
303 0x0042420042004242, 0x00cccc00cc00cccc, 0x00efef00ef00efef,
304 0x0026260026002626, 0x00e5e500e500e5e5, 0x0061610061006161,
305 0x001a1a001a001a1a, 0x003f3f003f003f3f, 0x003b3b003b003b3b,
306 0x0082820082008282, 0x00b6b600b600b6b6, 0x00dbdb00db00dbdb,
307 0x00d4d400d400d4d4, 0x0098980098009898, 0x00e8e800e800e8e8,
308 0x008b8b008b008b8b, 0x0002020002000202, 0x00ebeb00eb00ebeb,
309 0x000a0a000a000a0a, 0x002c2c002c002c2c, 0x001d1d001d001d1d,
310 0x00b0b000b000b0b0, 0x006f6f006f006f6f, 0x008d8d008d008d8d,
311 0x0088880088008888, 0x000e0e000e000e0e, 0x0019190019001919,
312 0x0087870087008787, 0x004e4e004e004e4e, 0x000b0b000b000b0b,
313 0x00a9a900a900a9a9, 0x000c0c000c000c0c, 0x0079790079007979,
314 0x0011110011001111, 0x007f7f007f007f7f, 0x0022220022002222,
315 0x00e7e700e700e7e7, 0x0059590059005959, 0x00e1e100e100e1e1,
316 0x00dada00da00dada, 0x003d3d003d003d3d, 0x00c8c800c800c8c8,
317 0x0012120012001212, 0x0004040004000404, 0x0074740074007474,
318 0x0054540054005454, 0x0030300030003030, 0x007e7e007e007e7e,
319 0x00b4b400b400b4b4, 0x0028280028002828, 0x0055550055005555,
320 0x0068680068006868, 0x0050500050005050, 0x00bebe00be00bebe,
321 0x00d0d000d000d0d0, 0x00c4c400c400c4c4, 0x0031310031003131,
322 0x00cbcb00cb00cbcb, 0x002a2a002a002a2a, 0x00adad00ad00adad,
323 0x000f0f000f000f0f, 0x00caca00ca00caca, 0x0070700070007070,
324 0x00ffff00ff00ffff, 0x0032320032003232, 0x0069690069006969,
325 0x0008080008000808, 0x0062620062006262, 0x0000000000000000,
326 0x0024240024002424, 0x00d1d100d100d1d1, 0x00fbfb00fb00fbfb,
327 0x00baba00ba00baba, 0x00eded00ed00eded, 0x0045450045004545,
328 0x0081810081008181, 0x0073730073007373, 0x006d6d006d006d6d,
329 0x0084840084008484, 0x009f9f009f009f9f, 0x00eeee00ee00eeee,
330 0x004a4a004a004a4a, 0x00c3c300c300c3c3, 0x002e2e002e002e2e,
331 0x00c1c100c100c1c1, 0x0001010001000101, 0x00e6e600e600e6e6,
332 0x0025250025002525, 0x0048480048004848, 0x0099990099009999,
333 0x00b9b900b900b9b9, 0x00b3b300b300b3b3, 0x007b7b007b007b7b,
334 0x00f9f900f900f9f9, 0x00cece00ce00cece, 0x00bfbf00bf00bfbf,
335 0x00dfdf00df00dfdf, 0x0071710071007171, 0x0029290029002929,
336 0x00cdcd00cd00cdcd, 0x006c6c006c006c6c, 0x0013130013001313,
337 0x0064640064006464, 0x009b9b009b009b9b, 0x0063630063006363,
338 0x009d9d009d009d9d, 0x00c0c000c000c0c0, 0x004b4b004b004b4b,
339 0x00b7b700b700b7b7, 0x00a5a500a500a5a5, 0x0089890089008989,
340 0x005f5f005f005f5f, 0x00b1b100b100b1b1, 0x0017170017001717,
341 0x00f4f400f400f4f4, 0x00bcbc00bc00bcbc, 0x00d3d300d300d3d3,
342 0x0046460046004646, 0x00cfcf00cf00cfcf, 0x0037370037003737,
343 0x005e5e005e005e5e, 0x0047470047004747, 0x0094940094009494,
344 0x00fafa00fa00fafa, 0x00fcfc00fc00fcfc, 0x005b5b005b005b5b,
345 0x0097970097009797, 0x00fefe00fe00fefe, 0x005a5a005a005a5a,
346 0x00acac00ac00acac, 0x003c3c003c003c3c, 0x004c4c004c004c4c,
347 0x0003030003000303, 0x0035350035003535, 0x00f3f300f300f3f3,
348 0x0023230023002323, 0x00b8b800b800b8b8, 0x005d5d005d005d5d,
349 0x006a6a006a006a6a, 0x0092920092009292, 0x00d5d500d500d5d5,
350 0x0021210021002121, 0x0044440044004444, 0x0051510051005151,
351 0x00c6c600c600c6c6, 0x007d7d007d007d7d, 0x0039390039003939,
352 0x0083830083008383, 0x00dcdc00dc00dcdc, 0x00aaaa00aa00aaaa,
353 0x007c7c007c007c7c, 0x0077770077007777, 0x0056560056005656,
354 0x0005050005000505, 0x001b1b001b001b1b, 0x00a4a400a400a4a4,
355 0x0015150015001515, 0x0034340034003434, 0x001e1e001e001e1e,
356 0x001c1c001c001c1c, 0x00f8f800f800f8f8, 0x0052520052005252,
357 0x0020200020002020, 0x0014140014001414, 0x00e9e900e900e9e9,
358 0x00bdbd00bd00bdbd, 0x00dddd00dd00dddd, 0x00e4e400e400e4e4,
359 0x00a1a100a100a1a1, 0x00e0e000e000e0e0, 0x008a8a008a008a8a,
360 0x00f1f100f100f1f1, 0x00d6d600d600d6d6, 0x007a7a007a007a7a,
361 0x00bbbb00bb00bbbb, 0x00e3e300e300e3e3, 0x0040400040004040,
362 0x004f4f004f004f4f,
363};
364
365const u64 camellia_sp00444404[256] = {
366 0x0000707070700070, 0x00002c2c2c2c002c, 0x0000b3b3b3b300b3,
367 0x0000c0c0c0c000c0, 0x0000e4e4e4e400e4, 0x0000575757570057,
368 0x0000eaeaeaea00ea, 0x0000aeaeaeae00ae, 0x0000232323230023,
369 0x00006b6b6b6b006b, 0x0000454545450045, 0x0000a5a5a5a500a5,
370 0x0000edededed00ed, 0x00004f4f4f4f004f, 0x00001d1d1d1d001d,
371 0x0000929292920092, 0x0000868686860086, 0x0000afafafaf00af,
372 0x00007c7c7c7c007c, 0x00001f1f1f1f001f, 0x00003e3e3e3e003e,
373 0x0000dcdcdcdc00dc, 0x00005e5e5e5e005e, 0x00000b0b0b0b000b,
374 0x0000a6a6a6a600a6, 0x0000393939390039, 0x0000d5d5d5d500d5,
375 0x00005d5d5d5d005d, 0x0000d9d9d9d900d9, 0x00005a5a5a5a005a,
376 0x0000515151510051, 0x00006c6c6c6c006c, 0x00008b8b8b8b008b,
377 0x00009a9a9a9a009a, 0x0000fbfbfbfb00fb, 0x0000b0b0b0b000b0,
378 0x0000747474740074, 0x00002b2b2b2b002b, 0x0000f0f0f0f000f0,
379 0x0000848484840084, 0x0000dfdfdfdf00df, 0x0000cbcbcbcb00cb,
380 0x0000343434340034, 0x0000767676760076, 0x00006d6d6d6d006d,
381 0x0000a9a9a9a900a9, 0x0000d1d1d1d100d1, 0x0000040404040004,
382 0x0000141414140014, 0x00003a3a3a3a003a, 0x0000dededede00de,
383 0x0000111111110011, 0x0000323232320032, 0x00009c9c9c9c009c,
384 0x0000535353530053, 0x0000f2f2f2f200f2, 0x0000fefefefe00fe,
385 0x0000cfcfcfcf00cf, 0x0000c3c3c3c300c3, 0x00007a7a7a7a007a,
386 0x0000242424240024, 0x0000e8e8e8e800e8, 0x0000606060600060,
387 0x0000696969690069, 0x0000aaaaaaaa00aa, 0x0000a0a0a0a000a0,
388 0x0000a1a1a1a100a1, 0x0000626262620062, 0x0000545454540054,
389 0x00001e1e1e1e001e, 0x0000e0e0e0e000e0, 0x0000646464640064,
390 0x0000101010100010, 0x0000000000000000, 0x0000a3a3a3a300a3,
391 0x0000757575750075, 0x00008a8a8a8a008a, 0x0000e6e6e6e600e6,
392 0x0000090909090009, 0x0000dddddddd00dd, 0x0000878787870087,
393 0x0000838383830083, 0x0000cdcdcdcd00cd, 0x0000909090900090,
394 0x0000737373730073, 0x0000f6f6f6f600f6, 0x00009d9d9d9d009d,
395 0x0000bfbfbfbf00bf, 0x0000525252520052, 0x0000d8d8d8d800d8,
396 0x0000c8c8c8c800c8, 0x0000c6c6c6c600c6, 0x0000818181810081,
397 0x00006f6f6f6f006f, 0x0000131313130013, 0x0000636363630063,
398 0x0000e9e9e9e900e9, 0x0000a7a7a7a700a7, 0x00009f9f9f9f009f,
399 0x0000bcbcbcbc00bc, 0x0000292929290029, 0x0000f9f9f9f900f9,
400 0x00002f2f2f2f002f, 0x0000b4b4b4b400b4, 0x0000787878780078,
401 0x0000060606060006, 0x0000e7e7e7e700e7, 0x0000717171710071,
402 0x0000d4d4d4d400d4, 0x0000abababab00ab, 0x0000888888880088,
403 0x00008d8d8d8d008d, 0x0000727272720072, 0x0000b9b9b9b900b9,
404 0x0000f8f8f8f800f8, 0x0000acacacac00ac, 0x0000363636360036,
405 0x00002a2a2a2a002a, 0x00003c3c3c3c003c, 0x0000f1f1f1f100f1,
406 0x0000404040400040, 0x0000d3d3d3d300d3, 0x0000bbbbbbbb00bb,
407 0x0000434343430043, 0x0000151515150015, 0x0000adadadad00ad,
408 0x0000777777770077, 0x0000808080800080, 0x0000828282820082,
409 0x0000ecececec00ec, 0x0000272727270027, 0x0000e5e5e5e500e5,
410 0x0000858585850085, 0x0000353535350035, 0x00000c0c0c0c000c,
411 0x0000414141410041, 0x0000efefefef00ef, 0x0000939393930093,
412 0x0000191919190019, 0x0000212121210021, 0x00000e0e0e0e000e,
413 0x00004e4e4e4e004e, 0x0000656565650065, 0x0000bdbdbdbd00bd,
414 0x0000b8b8b8b800b8, 0x00008f8f8f8f008f, 0x0000ebebebeb00eb,
415 0x0000cececece00ce, 0x0000303030300030, 0x00005f5f5f5f005f,
416 0x0000c5c5c5c500c5, 0x00001a1a1a1a001a, 0x0000e1e1e1e100e1,
417 0x0000cacacaca00ca, 0x0000474747470047, 0x00003d3d3d3d003d,
418 0x0000010101010001, 0x0000d6d6d6d600d6, 0x0000565656560056,
419 0x00004d4d4d4d004d, 0x00000d0d0d0d000d, 0x0000666666660066,
420 0x0000cccccccc00cc, 0x00002d2d2d2d002d, 0x0000121212120012,
421 0x0000202020200020, 0x0000b1b1b1b100b1, 0x0000999999990099,
422 0x00004c4c4c4c004c, 0x0000c2c2c2c200c2, 0x00007e7e7e7e007e,
423 0x0000050505050005, 0x0000b7b7b7b700b7, 0x0000313131310031,
424 0x0000171717170017, 0x0000d7d7d7d700d7, 0x0000585858580058,
425 0x0000616161610061, 0x00001b1b1b1b001b, 0x00001c1c1c1c001c,
426 0x00000f0f0f0f000f, 0x0000161616160016, 0x0000181818180018,
427 0x0000222222220022, 0x0000444444440044, 0x0000b2b2b2b200b2,
428 0x0000b5b5b5b500b5, 0x0000919191910091, 0x0000080808080008,
429 0x0000a8a8a8a800a8, 0x0000fcfcfcfc00fc, 0x0000505050500050,
430 0x0000d0d0d0d000d0, 0x00007d7d7d7d007d, 0x0000898989890089,
431 0x0000979797970097, 0x00005b5b5b5b005b, 0x0000959595950095,
432 0x0000ffffffff00ff, 0x0000d2d2d2d200d2, 0x0000c4c4c4c400c4,
433 0x0000484848480048, 0x0000f7f7f7f700f7, 0x0000dbdbdbdb00db,
434 0x0000030303030003, 0x0000dadadada00da, 0x00003f3f3f3f003f,
435 0x0000949494940094, 0x00005c5c5c5c005c, 0x0000020202020002,
436 0x00004a4a4a4a004a, 0x0000333333330033, 0x0000676767670067,
437 0x0000f3f3f3f300f3, 0x00007f7f7f7f007f, 0x0000e2e2e2e200e2,
438 0x00009b9b9b9b009b, 0x0000262626260026, 0x0000373737370037,
439 0x00003b3b3b3b003b, 0x0000969696960096, 0x00004b4b4b4b004b,
440 0x0000bebebebe00be, 0x00002e2e2e2e002e, 0x0000797979790079,
441 0x00008c8c8c8c008c, 0x00006e6e6e6e006e, 0x00008e8e8e8e008e,
442 0x0000f5f5f5f500f5, 0x0000b6b6b6b600b6, 0x0000fdfdfdfd00fd,
443 0x0000595959590059, 0x0000989898980098, 0x00006a6a6a6a006a,
444 0x0000464646460046, 0x0000babababa00ba, 0x0000252525250025,
445 0x0000424242420042, 0x0000a2a2a2a200a2, 0x0000fafafafa00fa,
446 0x0000070707070007, 0x0000555555550055, 0x0000eeeeeeee00ee,
447 0x00000a0a0a0a000a, 0x0000494949490049, 0x0000686868680068,
448 0x0000383838380038, 0x0000a4a4a4a400a4, 0x0000282828280028,
449 0x00007b7b7b7b007b, 0x0000c9c9c9c900c9, 0x0000c1c1c1c100c1,
450 0x0000e3e3e3e300e3, 0x0000f4f4f4f400f4, 0x0000c7c7c7c700c7,
451 0x00009e9e9e9e009e,
452};
453
454const u64 camellia_sp02220222[256] = {
455 0x00e0e0e000e0e0e0, 0x0005050500050505, 0x0058585800585858,
456 0x00d9d9d900d9d9d9, 0x0067676700676767, 0x004e4e4e004e4e4e,
457 0x0081818100818181, 0x00cbcbcb00cbcbcb, 0x00c9c9c900c9c9c9,
458 0x000b0b0b000b0b0b, 0x00aeaeae00aeaeae, 0x006a6a6a006a6a6a,
459 0x00d5d5d500d5d5d5, 0x0018181800181818, 0x005d5d5d005d5d5d,
460 0x0082828200828282, 0x0046464600464646, 0x00dfdfdf00dfdfdf,
461 0x00d6d6d600d6d6d6, 0x0027272700272727, 0x008a8a8a008a8a8a,
462 0x0032323200323232, 0x004b4b4b004b4b4b, 0x0042424200424242,
463 0x00dbdbdb00dbdbdb, 0x001c1c1c001c1c1c, 0x009e9e9e009e9e9e,
464 0x009c9c9c009c9c9c, 0x003a3a3a003a3a3a, 0x00cacaca00cacaca,
465 0x0025252500252525, 0x007b7b7b007b7b7b, 0x000d0d0d000d0d0d,
466 0x0071717100717171, 0x005f5f5f005f5f5f, 0x001f1f1f001f1f1f,
467 0x00f8f8f800f8f8f8, 0x00d7d7d700d7d7d7, 0x003e3e3e003e3e3e,
468 0x009d9d9d009d9d9d, 0x007c7c7c007c7c7c, 0x0060606000606060,
469 0x00b9b9b900b9b9b9, 0x00bebebe00bebebe, 0x00bcbcbc00bcbcbc,
470 0x008b8b8b008b8b8b, 0x0016161600161616, 0x0034343400343434,
471 0x004d4d4d004d4d4d, 0x00c3c3c300c3c3c3, 0x0072727200727272,
472 0x0095959500959595, 0x00ababab00ababab, 0x008e8e8e008e8e8e,
473 0x00bababa00bababa, 0x007a7a7a007a7a7a, 0x00b3b3b300b3b3b3,
474 0x0002020200020202, 0x00b4b4b400b4b4b4, 0x00adadad00adadad,
475 0x00a2a2a200a2a2a2, 0x00acacac00acacac, 0x00d8d8d800d8d8d8,
476 0x009a9a9a009a9a9a, 0x0017171700171717, 0x001a1a1a001a1a1a,
477 0x0035353500353535, 0x00cccccc00cccccc, 0x00f7f7f700f7f7f7,
478 0x0099999900999999, 0x0061616100616161, 0x005a5a5a005a5a5a,
479 0x00e8e8e800e8e8e8, 0x0024242400242424, 0x0056565600565656,
480 0x0040404000404040, 0x00e1e1e100e1e1e1, 0x0063636300636363,
481 0x0009090900090909, 0x0033333300333333, 0x00bfbfbf00bfbfbf,
482 0x0098989800989898, 0x0097979700979797, 0x0085858500858585,
483 0x0068686800686868, 0x00fcfcfc00fcfcfc, 0x00ececec00ececec,
484 0x000a0a0a000a0a0a, 0x00dadada00dadada, 0x006f6f6f006f6f6f,
485 0x0053535300535353, 0x0062626200626262, 0x00a3a3a300a3a3a3,
486 0x002e2e2e002e2e2e, 0x0008080800080808, 0x00afafaf00afafaf,
487 0x0028282800282828, 0x00b0b0b000b0b0b0, 0x0074747400747474,
488 0x00c2c2c200c2c2c2, 0x00bdbdbd00bdbdbd, 0x0036363600363636,
489 0x0022222200222222, 0x0038383800383838, 0x0064646400646464,
490 0x001e1e1e001e1e1e, 0x0039393900393939, 0x002c2c2c002c2c2c,
491 0x00a6a6a600a6a6a6, 0x0030303000303030, 0x00e5e5e500e5e5e5,
492 0x0044444400444444, 0x00fdfdfd00fdfdfd, 0x0088888800888888,
493 0x009f9f9f009f9f9f, 0x0065656500656565, 0x0087878700878787,
494 0x006b6b6b006b6b6b, 0x00f4f4f400f4f4f4, 0x0023232300232323,
495 0x0048484800484848, 0x0010101000101010, 0x00d1d1d100d1d1d1,
496 0x0051515100515151, 0x00c0c0c000c0c0c0, 0x00f9f9f900f9f9f9,
497 0x00d2d2d200d2d2d2, 0x00a0a0a000a0a0a0, 0x0055555500555555,
498 0x00a1a1a100a1a1a1, 0x0041414100414141, 0x00fafafa00fafafa,
499 0x0043434300434343, 0x0013131300131313, 0x00c4c4c400c4c4c4,
500 0x002f2f2f002f2f2f, 0x00a8a8a800a8a8a8, 0x00b6b6b600b6b6b6,
501 0x003c3c3c003c3c3c, 0x002b2b2b002b2b2b, 0x00c1c1c100c1c1c1,
502 0x00ffffff00ffffff, 0x00c8c8c800c8c8c8, 0x00a5a5a500a5a5a5,
503 0x0020202000202020, 0x0089898900898989, 0x0000000000000000,
504 0x0090909000909090, 0x0047474700474747, 0x00efefef00efefef,
505 0x00eaeaea00eaeaea, 0x00b7b7b700b7b7b7, 0x0015151500151515,
506 0x0006060600060606, 0x00cdcdcd00cdcdcd, 0x00b5b5b500b5b5b5,
507 0x0012121200121212, 0x007e7e7e007e7e7e, 0x00bbbbbb00bbbbbb,
508 0x0029292900292929, 0x000f0f0f000f0f0f, 0x00b8b8b800b8b8b8,
509 0x0007070700070707, 0x0004040400040404, 0x009b9b9b009b9b9b,
510 0x0094949400949494, 0x0021212100212121, 0x0066666600666666,
511 0x00e6e6e600e6e6e6, 0x00cecece00cecece, 0x00ededed00ededed,
512 0x00e7e7e700e7e7e7, 0x003b3b3b003b3b3b, 0x00fefefe00fefefe,
513 0x007f7f7f007f7f7f, 0x00c5c5c500c5c5c5, 0x00a4a4a400a4a4a4,
514 0x0037373700373737, 0x00b1b1b100b1b1b1, 0x004c4c4c004c4c4c,
515 0x0091919100919191, 0x006e6e6e006e6e6e, 0x008d8d8d008d8d8d,
516 0x0076767600767676, 0x0003030300030303, 0x002d2d2d002d2d2d,
517 0x00dedede00dedede, 0x0096969600969696, 0x0026262600262626,
518 0x007d7d7d007d7d7d, 0x00c6c6c600c6c6c6, 0x005c5c5c005c5c5c,
519 0x00d3d3d300d3d3d3, 0x00f2f2f200f2f2f2, 0x004f4f4f004f4f4f,
520 0x0019191900191919, 0x003f3f3f003f3f3f, 0x00dcdcdc00dcdcdc,
521 0x0079797900797979, 0x001d1d1d001d1d1d, 0x0052525200525252,
522 0x00ebebeb00ebebeb, 0x00f3f3f300f3f3f3, 0x006d6d6d006d6d6d,
523 0x005e5e5e005e5e5e, 0x00fbfbfb00fbfbfb, 0x0069696900696969,
524 0x00b2b2b200b2b2b2, 0x00f0f0f000f0f0f0, 0x0031313100313131,
525 0x000c0c0c000c0c0c, 0x00d4d4d400d4d4d4, 0x00cfcfcf00cfcfcf,
526 0x008c8c8c008c8c8c, 0x00e2e2e200e2e2e2, 0x0075757500757575,
527 0x00a9a9a900a9a9a9, 0x004a4a4a004a4a4a, 0x0057575700575757,
528 0x0084848400848484, 0x0011111100111111, 0x0045454500454545,
529 0x001b1b1b001b1b1b, 0x00f5f5f500f5f5f5, 0x00e4e4e400e4e4e4,
530 0x000e0e0e000e0e0e, 0x0073737300737373, 0x00aaaaaa00aaaaaa,
531 0x00f1f1f100f1f1f1, 0x00dddddd00dddddd, 0x0059595900595959,
532 0x0014141400141414, 0x006c6c6c006c6c6c, 0x0092929200929292,
533 0x0054545400545454, 0x00d0d0d000d0d0d0, 0x0078787800787878,
534 0x0070707000707070, 0x00e3e3e300e3e3e3, 0x0049494900494949,
535 0x0080808000808080, 0x0050505000505050, 0x00a7a7a700a7a7a7,
536 0x00f6f6f600f6f6f6, 0x0077777700777777, 0x0093939300939393,
537 0x0086868600868686, 0x0083838300838383, 0x002a2a2a002a2a2a,
538 0x00c7c7c700c7c7c7, 0x005b5b5b005b5b5b, 0x00e9e9e900e9e9e9,
539 0x00eeeeee00eeeeee, 0x008f8f8f008f8f8f, 0x0001010100010101,
540 0x003d3d3d003d3d3d,
541};
542
543const u64 camellia_sp30333033[256] = {
544 0x3800383838003838, 0x4100414141004141, 0x1600161616001616,
545 0x7600767676007676, 0xd900d9d9d900d9d9, 0x9300939393009393,
546 0x6000606060006060, 0xf200f2f2f200f2f2, 0x7200727272007272,
547 0xc200c2c2c200c2c2, 0xab00ababab00abab, 0x9a009a9a9a009a9a,
548 0x7500757575007575, 0x0600060606000606, 0x5700575757005757,
549 0xa000a0a0a000a0a0, 0x9100919191009191, 0xf700f7f7f700f7f7,
550 0xb500b5b5b500b5b5, 0xc900c9c9c900c9c9, 0xa200a2a2a200a2a2,
551 0x8c008c8c8c008c8c, 0xd200d2d2d200d2d2, 0x9000909090009090,
552 0xf600f6f6f600f6f6, 0x0700070707000707, 0xa700a7a7a700a7a7,
553 0x2700272727002727, 0x8e008e8e8e008e8e, 0xb200b2b2b200b2b2,
554 0x4900494949004949, 0xde00dedede00dede, 0x4300434343004343,
555 0x5c005c5c5c005c5c, 0xd700d7d7d700d7d7, 0xc700c7c7c700c7c7,
556 0x3e003e3e3e003e3e, 0xf500f5f5f500f5f5, 0x8f008f8f8f008f8f,
557 0x6700676767006767, 0x1f001f1f1f001f1f, 0x1800181818001818,
558 0x6e006e6e6e006e6e, 0xaf00afafaf00afaf, 0x2f002f2f2f002f2f,
559 0xe200e2e2e200e2e2, 0x8500858585008585, 0x0d000d0d0d000d0d,
560 0x5300535353005353, 0xf000f0f0f000f0f0, 0x9c009c9c9c009c9c,
561 0x6500656565006565, 0xea00eaeaea00eaea, 0xa300a3a3a300a3a3,
562 0xae00aeaeae00aeae, 0x9e009e9e9e009e9e, 0xec00ececec00ecec,
563 0x8000808080008080, 0x2d002d2d2d002d2d, 0x6b006b6b6b006b6b,
564 0xa800a8a8a800a8a8, 0x2b002b2b2b002b2b, 0x3600363636003636,
565 0xa600a6a6a600a6a6, 0xc500c5c5c500c5c5, 0x8600868686008686,
566 0x4d004d4d4d004d4d, 0x3300333333003333, 0xfd00fdfdfd00fdfd,
567 0x6600666666006666, 0x5800585858005858, 0x9600969696009696,
568 0x3a003a3a3a003a3a, 0x0900090909000909, 0x9500959595009595,
569 0x1000101010001010, 0x7800787878007878, 0xd800d8d8d800d8d8,
570 0x4200424242004242, 0xcc00cccccc00cccc, 0xef00efefef00efef,
571 0x2600262626002626, 0xe500e5e5e500e5e5, 0x6100616161006161,
572 0x1a001a1a1a001a1a, 0x3f003f3f3f003f3f, 0x3b003b3b3b003b3b,
573 0x8200828282008282, 0xb600b6b6b600b6b6, 0xdb00dbdbdb00dbdb,
574 0xd400d4d4d400d4d4, 0x9800989898009898, 0xe800e8e8e800e8e8,
575 0x8b008b8b8b008b8b, 0x0200020202000202, 0xeb00ebebeb00ebeb,
576 0x0a000a0a0a000a0a, 0x2c002c2c2c002c2c, 0x1d001d1d1d001d1d,
577 0xb000b0b0b000b0b0, 0x6f006f6f6f006f6f, 0x8d008d8d8d008d8d,
578 0x8800888888008888, 0x0e000e0e0e000e0e, 0x1900191919001919,
579 0x8700878787008787, 0x4e004e4e4e004e4e, 0x0b000b0b0b000b0b,
580 0xa900a9a9a900a9a9, 0x0c000c0c0c000c0c, 0x7900797979007979,
581 0x1100111111001111, 0x7f007f7f7f007f7f, 0x2200222222002222,
582 0xe700e7e7e700e7e7, 0x5900595959005959, 0xe100e1e1e100e1e1,
583 0xda00dadada00dada, 0x3d003d3d3d003d3d, 0xc800c8c8c800c8c8,
584 0x1200121212001212, 0x0400040404000404, 0x7400747474007474,
585 0x5400545454005454, 0x3000303030003030, 0x7e007e7e7e007e7e,
586 0xb400b4b4b400b4b4, 0x2800282828002828, 0x5500555555005555,
587 0x6800686868006868, 0x5000505050005050, 0xbe00bebebe00bebe,
588 0xd000d0d0d000d0d0, 0xc400c4c4c400c4c4, 0x3100313131003131,
589 0xcb00cbcbcb00cbcb, 0x2a002a2a2a002a2a, 0xad00adadad00adad,
590 0x0f000f0f0f000f0f, 0xca00cacaca00caca, 0x7000707070007070,
591 0xff00ffffff00ffff, 0x3200323232003232, 0x6900696969006969,
592 0x0800080808000808, 0x6200626262006262, 0x0000000000000000,
593 0x2400242424002424, 0xd100d1d1d100d1d1, 0xfb00fbfbfb00fbfb,
594 0xba00bababa00baba, 0xed00ededed00eded, 0x4500454545004545,
595 0x8100818181008181, 0x7300737373007373, 0x6d006d6d6d006d6d,
596 0x8400848484008484, 0x9f009f9f9f009f9f, 0xee00eeeeee00eeee,
597 0x4a004a4a4a004a4a, 0xc300c3c3c300c3c3, 0x2e002e2e2e002e2e,
598 0xc100c1c1c100c1c1, 0x0100010101000101, 0xe600e6e6e600e6e6,
599 0x2500252525002525, 0x4800484848004848, 0x9900999999009999,
600 0xb900b9b9b900b9b9, 0xb300b3b3b300b3b3, 0x7b007b7b7b007b7b,
601 0xf900f9f9f900f9f9, 0xce00cecece00cece, 0xbf00bfbfbf00bfbf,
602 0xdf00dfdfdf00dfdf, 0x7100717171007171, 0x2900292929002929,
603 0xcd00cdcdcd00cdcd, 0x6c006c6c6c006c6c, 0x1300131313001313,
604 0x6400646464006464, 0x9b009b9b9b009b9b, 0x6300636363006363,
605 0x9d009d9d9d009d9d, 0xc000c0c0c000c0c0, 0x4b004b4b4b004b4b,
606 0xb700b7b7b700b7b7, 0xa500a5a5a500a5a5, 0x8900898989008989,
607 0x5f005f5f5f005f5f, 0xb100b1b1b100b1b1, 0x1700171717001717,
608 0xf400f4f4f400f4f4, 0xbc00bcbcbc00bcbc, 0xd300d3d3d300d3d3,
609 0x4600464646004646, 0xcf00cfcfcf00cfcf, 0x3700373737003737,
610 0x5e005e5e5e005e5e, 0x4700474747004747, 0x9400949494009494,
611 0xfa00fafafa00fafa, 0xfc00fcfcfc00fcfc, 0x5b005b5b5b005b5b,
612 0x9700979797009797, 0xfe00fefefe00fefe, 0x5a005a5a5a005a5a,
613 0xac00acacac00acac, 0x3c003c3c3c003c3c, 0x4c004c4c4c004c4c,
614 0x0300030303000303, 0x3500353535003535, 0xf300f3f3f300f3f3,
615 0x2300232323002323, 0xb800b8b8b800b8b8, 0x5d005d5d5d005d5d,
616 0x6a006a6a6a006a6a, 0x9200929292009292, 0xd500d5d5d500d5d5,
617 0x2100212121002121, 0x4400444444004444, 0x5100515151005151,
618 0xc600c6c6c600c6c6, 0x7d007d7d7d007d7d, 0x3900393939003939,
619 0x8300838383008383, 0xdc00dcdcdc00dcdc, 0xaa00aaaaaa00aaaa,
620 0x7c007c7c7c007c7c, 0x7700777777007777, 0x5600565656005656,
621 0x0500050505000505, 0x1b001b1b1b001b1b, 0xa400a4a4a400a4a4,
622 0x1500151515001515, 0x3400343434003434, 0x1e001e1e1e001e1e,
623 0x1c001c1c1c001c1c, 0xf800f8f8f800f8f8, 0x5200525252005252,
624 0x2000202020002020, 0x1400141414001414, 0xe900e9e9e900e9e9,
625 0xbd00bdbdbd00bdbd, 0xdd00dddddd00dddd, 0xe400e4e4e400e4e4,
626 0xa100a1a1a100a1a1, 0xe000e0e0e000e0e0, 0x8a008a8a8a008a8a,
627 0xf100f1f1f100f1f1, 0xd600d6d6d600d6d6, 0x7a007a7a7a007a7a,
628 0xbb00bbbbbb00bbbb, 0xe300e3e3e300e3e3, 0x4000404040004040,
629 0x4f004f4f4f004f4f,
630};
631
632const u64 camellia_sp44044404[256] = {
633 0x7070007070700070, 0x2c2c002c2c2c002c, 0xb3b300b3b3b300b3,
634 0xc0c000c0c0c000c0, 0xe4e400e4e4e400e4, 0x5757005757570057,
635 0xeaea00eaeaea00ea, 0xaeae00aeaeae00ae, 0x2323002323230023,
636 0x6b6b006b6b6b006b, 0x4545004545450045, 0xa5a500a5a5a500a5,
637 0xeded00ededed00ed, 0x4f4f004f4f4f004f, 0x1d1d001d1d1d001d,
638 0x9292009292920092, 0x8686008686860086, 0xafaf00afafaf00af,
639 0x7c7c007c7c7c007c, 0x1f1f001f1f1f001f, 0x3e3e003e3e3e003e,
640 0xdcdc00dcdcdc00dc, 0x5e5e005e5e5e005e, 0x0b0b000b0b0b000b,
641 0xa6a600a6a6a600a6, 0x3939003939390039, 0xd5d500d5d5d500d5,
642 0x5d5d005d5d5d005d, 0xd9d900d9d9d900d9, 0x5a5a005a5a5a005a,
643 0x5151005151510051, 0x6c6c006c6c6c006c, 0x8b8b008b8b8b008b,
644 0x9a9a009a9a9a009a, 0xfbfb00fbfbfb00fb, 0xb0b000b0b0b000b0,
645 0x7474007474740074, 0x2b2b002b2b2b002b, 0xf0f000f0f0f000f0,
646 0x8484008484840084, 0xdfdf00dfdfdf00df, 0xcbcb00cbcbcb00cb,
647 0x3434003434340034, 0x7676007676760076, 0x6d6d006d6d6d006d,
648 0xa9a900a9a9a900a9, 0xd1d100d1d1d100d1, 0x0404000404040004,
649 0x1414001414140014, 0x3a3a003a3a3a003a, 0xdede00dedede00de,
650 0x1111001111110011, 0x3232003232320032, 0x9c9c009c9c9c009c,
651 0x5353005353530053, 0xf2f200f2f2f200f2, 0xfefe00fefefe00fe,
652 0xcfcf00cfcfcf00cf, 0xc3c300c3c3c300c3, 0x7a7a007a7a7a007a,
653 0x2424002424240024, 0xe8e800e8e8e800e8, 0x6060006060600060,
654 0x6969006969690069, 0xaaaa00aaaaaa00aa, 0xa0a000a0a0a000a0,
655 0xa1a100a1a1a100a1, 0x6262006262620062, 0x5454005454540054,
656 0x1e1e001e1e1e001e, 0xe0e000e0e0e000e0, 0x6464006464640064,
657 0x1010001010100010, 0x0000000000000000, 0xa3a300a3a3a300a3,
658 0x7575007575750075, 0x8a8a008a8a8a008a, 0xe6e600e6e6e600e6,
659 0x0909000909090009, 0xdddd00dddddd00dd, 0x8787008787870087,
660 0x8383008383830083, 0xcdcd00cdcdcd00cd, 0x9090009090900090,
661 0x7373007373730073, 0xf6f600f6f6f600f6, 0x9d9d009d9d9d009d,
662 0xbfbf00bfbfbf00bf, 0x5252005252520052, 0xd8d800d8d8d800d8,
663 0xc8c800c8c8c800c8, 0xc6c600c6c6c600c6, 0x8181008181810081,
664 0x6f6f006f6f6f006f, 0x1313001313130013, 0x6363006363630063,
665 0xe9e900e9e9e900e9, 0xa7a700a7a7a700a7, 0x9f9f009f9f9f009f,
666 0xbcbc00bcbcbc00bc, 0x2929002929290029, 0xf9f900f9f9f900f9,
667 0x2f2f002f2f2f002f, 0xb4b400b4b4b400b4, 0x7878007878780078,
668 0x0606000606060006, 0xe7e700e7e7e700e7, 0x7171007171710071,
669 0xd4d400d4d4d400d4, 0xabab00ababab00ab, 0x8888008888880088,
670 0x8d8d008d8d8d008d, 0x7272007272720072, 0xb9b900b9b9b900b9,
671 0xf8f800f8f8f800f8, 0xacac00acacac00ac, 0x3636003636360036,
672 0x2a2a002a2a2a002a, 0x3c3c003c3c3c003c, 0xf1f100f1f1f100f1,
673 0x4040004040400040, 0xd3d300d3d3d300d3, 0xbbbb00bbbbbb00bb,
674 0x4343004343430043, 0x1515001515150015, 0xadad00adadad00ad,
675 0x7777007777770077, 0x8080008080800080, 0x8282008282820082,
676 0xecec00ececec00ec, 0x2727002727270027, 0xe5e500e5e5e500e5,
677 0x8585008585850085, 0x3535003535350035, 0x0c0c000c0c0c000c,
678 0x4141004141410041, 0xefef00efefef00ef, 0x9393009393930093,
679 0x1919001919190019, 0x2121002121210021, 0x0e0e000e0e0e000e,
680 0x4e4e004e4e4e004e, 0x6565006565650065, 0xbdbd00bdbdbd00bd,
681 0xb8b800b8b8b800b8, 0x8f8f008f8f8f008f, 0xebeb00ebebeb00eb,
682 0xcece00cecece00ce, 0x3030003030300030, 0x5f5f005f5f5f005f,
683 0xc5c500c5c5c500c5, 0x1a1a001a1a1a001a, 0xe1e100e1e1e100e1,
684 0xcaca00cacaca00ca, 0x4747004747470047, 0x3d3d003d3d3d003d,
685 0x0101000101010001, 0xd6d600d6d6d600d6, 0x5656005656560056,
686 0x4d4d004d4d4d004d, 0x0d0d000d0d0d000d, 0x6666006666660066,
687 0xcccc00cccccc00cc, 0x2d2d002d2d2d002d, 0x1212001212120012,
688 0x2020002020200020, 0xb1b100b1b1b100b1, 0x9999009999990099,
689 0x4c4c004c4c4c004c, 0xc2c200c2c2c200c2, 0x7e7e007e7e7e007e,
690 0x0505000505050005, 0xb7b700b7b7b700b7, 0x3131003131310031,
691 0x1717001717170017, 0xd7d700d7d7d700d7, 0x5858005858580058,
692 0x6161006161610061, 0x1b1b001b1b1b001b, 0x1c1c001c1c1c001c,
693 0x0f0f000f0f0f000f, 0x1616001616160016, 0x1818001818180018,
694 0x2222002222220022, 0x4444004444440044, 0xb2b200b2b2b200b2,
695 0xb5b500b5b5b500b5, 0x9191009191910091, 0x0808000808080008,
696 0xa8a800a8a8a800a8, 0xfcfc00fcfcfc00fc, 0x5050005050500050,
697 0xd0d000d0d0d000d0, 0x7d7d007d7d7d007d, 0x8989008989890089,
698 0x9797009797970097, 0x5b5b005b5b5b005b, 0x9595009595950095,
699 0xffff00ffffff00ff, 0xd2d200d2d2d200d2, 0xc4c400c4c4c400c4,
700 0x4848004848480048, 0xf7f700f7f7f700f7, 0xdbdb00dbdbdb00db,
701 0x0303000303030003, 0xdada00dadada00da, 0x3f3f003f3f3f003f,
702 0x9494009494940094, 0x5c5c005c5c5c005c, 0x0202000202020002,
703 0x4a4a004a4a4a004a, 0x3333003333330033, 0x6767006767670067,
704 0xf3f300f3f3f300f3, 0x7f7f007f7f7f007f, 0xe2e200e2e2e200e2,
705 0x9b9b009b9b9b009b, 0x2626002626260026, 0x3737003737370037,
706 0x3b3b003b3b3b003b, 0x9696009696960096, 0x4b4b004b4b4b004b,
707 0xbebe00bebebe00be, 0x2e2e002e2e2e002e, 0x7979007979790079,
708 0x8c8c008c8c8c008c, 0x6e6e006e6e6e006e, 0x8e8e008e8e8e008e,
709 0xf5f500f5f5f500f5, 0xb6b600b6b6b600b6, 0xfdfd00fdfdfd00fd,
710 0x5959005959590059, 0x9898009898980098, 0x6a6a006a6a6a006a,
711 0x4646004646460046, 0xbaba00bababa00ba, 0x2525002525250025,
712 0x4242004242420042, 0xa2a200a2a2a200a2, 0xfafa00fafafa00fa,
713 0x0707000707070007, 0x5555005555550055, 0xeeee00eeeeee00ee,
714 0x0a0a000a0a0a000a, 0x4949004949490049, 0x6868006868680068,
715 0x3838003838380038, 0xa4a400a4a4a400a4, 0x2828002828280028,
716 0x7b7b007b7b7b007b, 0xc9c900c9c9c900c9, 0xc1c100c1c1c100c1,
717 0xe3e300e3e3e300e3, 0xf4f400f4f4f400f4, 0xc7c700c7c7c700c7,
718 0x9e9e009e9e9e009e,
719};
720
721const u64 camellia_sp11101110[256] = {
722 0x7070700070707000, 0x8282820082828200, 0x2c2c2c002c2c2c00,
723 0xececec00ececec00, 0xb3b3b300b3b3b300, 0x2727270027272700,
724 0xc0c0c000c0c0c000, 0xe5e5e500e5e5e500, 0xe4e4e400e4e4e400,
725 0x8585850085858500, 0x5757570057575700, 0x3535350035353500,
726 0xeaeaea00eaeaea00, 0x0c0c0c000c0c0c00, 0xaeaeae00aeaeae00,
727 0x4141410041414100, 0x2323230023232300, 0xefefef00efefef00,
728 0x6b6b6b006b6b6b00, 0x9393930093939300, 0x4545450045454500,
729 0x1919190019191900, 0xa5a5a500a5a5a500, 0x2121210021212100,
730 0xededed00ededed00, 0x0e0e0e000e0e0e00, 0x4f4f4f004f4f4f00,
731 0x4e4e4e004e4e4e00, 0x1d1d1d001d1d1d00, 0x6565650065656500,
732 0x9292920092929200, 0xbdbdbd00bdbdbd00, 0x8686860086868600,
733 0xb8b8b800b8b8b800, 0xafafaf00afafaf00, 0x8f8f8f008f8f8f00,
734 0x7c7c7c007c7c7c00, 0xebebeb00ebebeb00, 0x1f1f1f001f1f1f00,
735 0xcecece00cecece00, 0x3e3e3e003e3e3e00, 0x3030300030303000,
736 0xdcdcdc00dcdcdc00, 0x5f5f5f005f5f5f00, 0x5e5e5e005e5e5e00,
737 0xc5c5c500c5c5c500, 0x0b0b0b000b0b0b00, 0x1a1a1a001a1a1a00,
738 0xa6a6a600a6a6a600, 0xe1e1e100e1e1e100, 0x3939390039393900,
739 0xcacaca00cacaca00, 0xd5d5d500d5d5d500, 0x4747470047474700,
740 0x5d5d5d005d5d5d00, 0x3d3d3d003d3d3d00, 0xd9d9d900d9d9d900,
741 0x0101010001010100, 0x5a5a5a005a5a5a00, 0xd6d6d600d6d6d600,
742 0x5151510051515100, 0x5656560056565600, 0x6c6c6c006c6c6c00,
743 0x4d4d4d004d4d4d00, 0x8b8b8b008b8b8b00, 0x0d0d0d000d0d0d00,
744 0x9a9a9a009a9a9a00, 0x6666660066666600, 0xfbfbfb00fbfbfb00,
745 0xcccccc00cccccc00, 0xb0b0b000b0b0b000, 0x2d2d2d002d2d2d00,
746 0x7474740074747400, 0x1212120012121200, 0x2b2b2b002b2b2b00,
747 0x2020200020202000, 0xf0f0f000f0f0f000, 0xb1b1b100b1b1b100,
748 0x8484840084848400, 0x9999990099999900, 0xdfdfdf00dfdfdf00,
749 0x4c4c4c004c4c4c00, 0xcbcbcb00cbcbcb00, 0xc2c2c200c2c2c200,
750 0x3434340034343400, 0x7e7e7e007e7e7e00, 0x7676760076767600,
751 0x0505050005050500, 0x6d6d6d006d6d6d00, 0xb7b7b700b7b7b700,
752 0xa9a9a900a9a9a900, 0x3131310031313100, 0xd1d1d100d1d1d100,
753 0x1717170017171700, 0x0404040004040400, 0xd7d7d700d7d7d700,
754 0x1414140014141400, 0x5858580058585800, 0x3a3a3a003a3a3a00,
755 0x6161610061616100, 0xdedede00dedede00, 0x1b1b1b001b1b1b00,
756 0x1111110011111100, 0x1c1c1c001c1c1c00, 0x3232320032323200,
757 0x0f0f0f000f0f0f00, 0x9c9c9c009c9c9c00, 0x1616160016161600,
758 0x5353530053535300, 0x1818180018181800, 0xf2f2f200f2f2f200,
759 0x2222220022222200, 0xfefefe00fefefe00, 0x4444440044444400,
760 0xcfcfcf00cfcfcf00, 0xb2b2b200b2b2b200, 0xc3c3c300c3c3c300,
761 0xb5b5b500b5b5b500, 0x7a7a7a007a7a7a00, 0x9191910091919100,
762 0x2424240024242400, 0x0808080008080800, 0xe8e8e800e8e8e800,
763 0xa8a8a800a8a8a800, 0x6060600060606000, 0xfcfcfc00fcfcfc00,
764 0x6969690069696900, 0x5050500050505000, 0xaaaaaa00aaaaaa00,
765 0xd0d0d000d0d0d000, 0xa0a0a000a0a0a000, 0x7d7d7d007d7d7d00,
766 0xa1a1a100a1a1a100, 0x8989890089898900, 0x6262620062626200,
767 0x9797970097979700, 0x5454540054545400, 0x5b5b5b005b5b5b00,
768 0x1e1e1e001e1e1e00, 0x9595950095959500, 0xe0e0e000e0e0e000,
769 0xffffff00ffffff00, 0x6464640064646400, 0xd2d2d200d2d2d200,
770 0x1010100010101000, 0xc4c4c400c4c4c400, 0x0000000000000000,
771 0x4848480048484800, 0xa3a3a300a3a3a300, 0xf7f7f700f7f7f700,
772 0x7575750075757500, 0xdbdbdb00dbdbdb00, 0x8a8a8a008a8a8a00,
773 0x0303030003030300, 0xe6e6e600e6e6e600, 0xdadada00dadada00,
774 0x0909090009090900, 0x3f3f3f003f3f3f00, 0xdddddd00dddddd00,
775 0x9494940094949400, 0x8787870087878700, 0x5c5c5c005c5c5c00,
776 0x8383830083838300, 0x0202020002020200, 0xcdcdcd00cdcdcd00,
777 0x4a4a4a004a4a4a00, 0x9090900090909000, 0x3333330033333300,
778 0x7373730073737300, 0x6767670067676700, 0xf6f6f600f6f6f600,
779 0xf3f3f300f3f3f300, 0x9d9d9d009d9d9d00, 0x7f7f7f007f7f7f00,
780 0xbfbfbf00bfbfbf00, 0xe2e2e200e2e2e200, 0x5252520052525200,
781 0x9b9b9b009b9b9b00, 0xd8d8d800d8d8d800, 0x2626260026262600,
782 0xc8c8c800c8c8c800, 0x3737370037373700, 0xc6c6c600c6c6c600,
783 0x3b3b3b003b3b3b00, 0x8181810081818100, 0x9696960096969600,
784 0x6f6f6f006f6f6f00, 0x4b4b4b004b4b4b00, 0x1313130013131300,
785 0xbebebe00bebebe00, 0x6363630063636300, 0x2e2e2e002e2e2e00,
786 0xe9e9e900e9e9e900, 0x7979790079797900, 0xa7a7a700a7a7a700,
787 0x8c8c8c008c8c8c00, 0x9f9f9f009f9f9f00, 0x6e6e6e006e6e6e00,
788 0xbcbcbc00bcbcbc00, 0x8e8e8e008e8e8e00, 0x2929290029292900,
789 0xf5f5f500f5f5f500, 0xf9f9f900f9f9f900, 0xb6b6b600b6b6b600,
790 0x2f2f2f002f2f2f00, 0xfdfdfd00fdfdfd00, 0xb4b4b400b4b4b400,
791 0x5959590059595900, 0x7878780078787800, 0x9898980098989800,
792 0x0606060006060600, 0x6a6a6a006a6a6a00, 0xe7e7e700e7e7e700,
793 0x4646460046464600, 0x7171710071717100, 0xbababa00bababa00,
794 0xd4d4d400d4d4d400, 0x2525250025252500, 0xababab00ababab00,
795 0x4242420042424200, 0x8888880088888800, 0xa2a2a200a2a2a200,
796 0x8d8d8d008d8d8d00, 0xfafafa00fafafa00, 0x7272720072727200,
797 0x0707070007070700, 0xb9b9b900b9b9b900, 0x5555550055555500,
798 0xf8f8f800f8f8f800, 0xeeeeee00eeeeee00, 0xacacac00acacac00,
799 0x0a0a0a000a0a0a00, 0x3636360036363600, 0x4949490049494900,
800 0x2a2a2a002a2a2a00, 0x6868680068686800, 0x3c3c3c003c3c3c00,
801 0x3838380038383800, 0xf1f1f100f1f1f100, 0xa4a4a400a4a4a400,
802 0x4040400040404000, 0x2828280028282800, 0xd3d3d300d3d3d300,
803 0x7b7b7b007b7b7b00, 0xbbbbbb00bbbbbb00, 0xc9c9c900c9c9c900,
804 0x4343430043434300, 0xc1c1c100c1c1c100, 0x1515150015151500,
805 0xe3e3e300e3e3e300, 0xadadad00adadad00, 0xf4f4f400f4f4f400,
806 0x7777770077777700, 0xc7c7c700c7c7c700, 0x8080800080808000,
807 0x9e9e9e009e9e9e00,
808};
809
810/* key constants */
811#define CAMELLIA_SIGMA1L (0xA09E667FL)
812#define CAMELLIA_SIGMA1R (0x3BCC908BL)
813#define CAMELLIA_SIGMA2L (0xB67AE858L)
814#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
815#define CAMELLIA_SIGMA3L (0xC6EF372FL)
816#define CAMELLIA_SIGMA3R (0xE94F82BEL)
817#define CAMELLIA_SIGMA4L (0x54FF53A5L)
818#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
819#define CAMELLIA_SIGMA5L (0x10E527FAL)
820#define CAMELLIA_SIGMA5R (0xDE682D1DL)
821#define CAMELLIA_SIGMA6L (0xB05688C2L)
822#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
823
824/* macros */
825#define ROLDQ(l, r, bits) ({ \
826 u64 t = l; \
827 l = (l << bits) | (r >> (64 - bits)); \
828 r = (r << bits) | (t >> (64 - bits)); \
829})
830
831#define CAMELLIA_F(x, kl, kr, y) ({ \
832 u64 ii = x ^ (((u64)kl << 32) | kr); \
833 y = camellia_sp11101110[(uint8_t)ii]; \
834 y ^= camellia_sp44044404[(uint8_t)(ii >> 8)]; \
835 ii >>= 16; \
836 y ^= camellia_sp30333033[(uint8_t)ii]; \
837 y ^= camellia_sp02220222[(uint8_t)(ii >> 8)]; \
838 ii >>= 16; \
839 y ^= camellia_sp00444404[(uint8_t)ii]; \
840 y ^= camellia_sp03303033[(uint8_t)(ii >> 8)]; \
841 ii >>= 16; \
842 y ^= camellia_sp22000222[(uint8_t)ii]; \
843 y ^= camellia_sp10011110[(uint8_t)(ii >> 8)]; \
844 y = ror64(y, 32); \
845})
846
847#define SET_SUBKEY_LR(INDEX, sRL) (subkey[(INDEX)] = ror64((sRL), 32))
848
849static void camellia_setup_tail(u64 *subkey, u64 *subRL, int max)
850{
851 u64 kw4, tt;
852 u32 dw, tl, tr;
853
854 /* absorb kw2 to other subkeys */
855 /* round 2 */
856 subRL[3] ^= subRL[1];
857 /* round 4 */
858 subRL[5] ^= subRL[1];
859 /* round 6 */
860 subRL[7] ^= subRL[1];
861
862 subRL[1] ^= (subRL[1] & ~subRL[9]) << 32;
863 /* modified for FLinv(kl2) */
864 dw = (subRL[1] & subRL[9]) >> 32,
865 subRL[1] ^= rol32(dw, 1);
866
867 /* round 8 */
868 subRL[11] ^= subRL[1];
869 /* round 10 */
870 subRL[13] ^= subRL[1];
871 /* round 12 */
872 subRL[15] ^= subRL[1];
873
874 subRL[1] ^= (subRL[1] & ~subRL[17]) << 32;
875 /* modified for FLinv(kl4) */
876 dw = (subRL[1] & subRL[17]) >> 32,
877 subRL[1] ^= rol32(dw, 1);
878
879 /* round 14 */
880 subRL[19] ^= subRL[1];
881 /* round 16 */
882 subRL[21] ^= subRL[1];
883 /* round 18 */
884 subRL[23] ^= subRL[1];
885
886 if (max == 24) {
887 /* kw3 */
888 subRL[24] ^= subRL[1];
889
890 /* absorb kw4 to other subkeys */
891 kw4 = subRL[25];
892 } else {
893 subRL[1] ^= (subRL[1] & ~subRL[25]) << 32;
894 /* modified for FLinv(kl6) */
895 dw = (subRL[1] & subRL[25]) >> 32,
896 subRL[1] ^= rol32(dw, 1);
897
898 /* round 20 */
899 subRL[27] ^= subRL[1];
900 /* round 22 */
901 subRL[29] ^= subRL[1];
902 /* round 24 */
903 subRL[31] ^= subRL[1];
904 /* kw3 */
905 subRL[32] ^= subRL[1];
906
907 /* absorb kw4 to other subkeys */
908 kw4 = subRL[33];
909 /* round 23 */
910 subRL[30] ^= kw4;
911 /* round 21 */
912 subRL[28] ^= kw4;
913 /* round 19 */
914 subRL[26] ^= kw4;
915
916 kw4 ^= (kw4 & ~subRL[24]) << 32;
917 /* modified for FL(kl5) */
918 dw = (kw4 & subRL[24]) >> 32,
919 kw4 ^= rol32(dw, 1);
920 }
921
922 /* round 17 */
923 subRL[22] ^= kw4;
924 /* round 15 */
925 subRL[20] ^= kw4;
926 /* round 13 */
927 subRL[18] ^= kw4;
928
929 kw4 ^= (kw4 & ~subRL[16]) << 32;
930 /* modified for FL(kl3) */
931 dw = (kw4 & subRL[16]) >> 32,
932 kw4 ^= rol32(dw, 1);
933
934 /* round 11 */
935 subRL[14] ^= kw4;
936 /* round 9 */
937 subRL[12] ^= kw4;
938 /* round 7 */
939 subRL[10] ^= kw4;
940
941 kw4 ^= (kw4 & ~subRL[8]) << 32;
942 /* modified for FL(kl1) */
943 dw = (kw4 & subRL[8]) >> 32,
944 kw4 ^= rol32(dw, 1);
945
946 /* round 5 */
947 subRL[6] ^= kw4;
948 /* round 3 */
949 subRL[4] ^= kw4;
950 /* round 1 */
951 subRL[2] ^= kw4;
952 /* kw1 */
953 subRL[0] ^= kw4;
954
955 /* key XOR is end of F-function */
956 SET_SUBKEY_LR(0, subRL[0] ^ subRL[2]); /* kw1 */
957 SET_SUBKEY_LR(2, subRL[3]); /* round 1 */
958 SET_SUBKEY_LR(3, subRL[2] ^ subRL[4]); /* round 2 */
959 SET_SUBKEY_LR(4, subRL[3] ^ subRL[5]); /* round 3 */
960 SET_SUBKEY_LR(5, subRL[4] ^ subRL[6]); /* round 4 */
961 SET_SUBKEY_LR(6, subRL[5] ^ subRL[7]); /* round 5 */
962
963 tl = (subRL[10] >> 32) ^ (subRL[10] & ~subRL[8]);
964 dw = tl & (subRL[8] >> 32), /* FL(kl1) */
965 tr = subRL[10] ^ rol32(dw, 1);
966 tt = (tr | ((u64)tl << 32));
967
968 SET_SUBKEY_LR(7, subRL[6] ^ tt); /* round 6 */
969 SET_SUBKEY_LR(8, subRL[8]); /* FL(kl1) */
970 SET_SUBKEY_LR(9, subRL[9]); /* FLinv(kl2) */
971
972 tl = (subRL[7] >> 32) ^ (subRL[7] & ~subRL[9]);
973 dw = tl & (subRL[9] >> 32), /* FLinv(kl2) */
974 tr = subRL[7] ^ rol32(dw, 1);
975 tt = (tr | ((u64)tl << 32));
976
977 SET_SUBKEY_LR(10, subRL[11] ^ tt); /* round 7 */
978 SET_SUBKEY_LR(11, subRL[10] ^ subRL[12]); /* round 8 */
979 SET_SUBKEY_LR(12, subRL[11] ^ subRL[13]); /* round 9 */
980 SET_SUBKEY_LR(13, subRL[12] ^ subRL[14]); /* round 10 */
981 SET_SUBKEY_LR(14, subRL[13] ^ subRL[15]); /* round 11 */
982
983 tl = (subRL[18] >> 32) ^ (subRL[18] & ~subRL[16]);
984 dw = tl & (subRL[16] >> 32), /* FL(kl3) */
985 tr = subRL[18] ^ rol32(dw, 1);
986 tt = (tr | ((u64)tl << 32));
987
988 SET_SUBKEY_LR(15, subRL[14] ^ tt); /* round 12 */
989 SET_SUBKEY_LR(16, subRL[16]); /* FL(kl3) */
990 SET_SUBKEY_LR(17, subRL[17]); /* FLinv(kl4) */
991
992 tl = (subRL[15] >> 32) ^ (subRL[15] & ~subRL[17]);
993 dw = tl & (subRL[17] >> 32), /* FLinv(kl4) */
994 tr = subRL[15] ^ rol32(dw, 1);
995 tt = (tr | ((u64)tl << 32));
996
997 SET_SUBKEY_LR(18, subRL[19] ^ tt); /* round 13 */
998 SET_SUBKEY_LR(19, subRL[18] ^ subRL[20]); /* round 14 */
999 SET_SUBKEY_LR(20, subRL[19] ^ subRL[21]); /* round 15 */
1000 SET_SUBKEY_LR(21, subRL[20] ^ subRL[22]); /* round 16 */
1001 SET_SUBKEY_LR(22, subRL[21] ^ subRL[23]); /* round 17 */
1002
1003 if (max == 24) {
1004 SET_SUBKEY_LR(23, subRL[22]); /* round 18 */
1005 SET_SUBKEY_LR(24, subRL[24] ^ subRL[23]); /* kw3 */
1006 } else {
1007 tl = (subRL[26] >> 32) ^ (subRL[26] & ~subRL[24]);
1008 dw = tl & (subRL[24] >> 32), /* FL(kl5) */
1009 tr = subRL[26] ^ rol32(dw, 1);
1010 tt = (tr | ((u64)tl << 32));
1011
1012 SET_SUBKEY_LR(23, subRL[22] ^ tt); /* round 18 */
1013 SET_SUBKEY_LR(24, subRL[24]); /* FL(kl5) */
1014 SET_SUBKEY_LR(25, subRL[25]); /* FLinv(kl6) */
1015
1016 tl = (subRL[23] >> 32) ^ (subRL[23] & ~subRL[25]);
1017 dw = tl & (subRL[25] >> 32), /* FLinv(kl6) */
1018 tr = subRL[23] ^ rol32(dw, 1);
1019 tt = (tr | ((u64)tl << 32));
1020
1021 SET_SUBKEY_LR(26, subRL[27] ^ tt); /* round 19 */
1022 SET_SUBKEY_LR(27, subRL[26] ^ subRL[28]); /* round 20 */
1023 SET_SUBKEY_LR(28, subRL[27] ^ subRL[29]); /* round 21 */
1024 SET_SUBKEY_LR(29, subRL[28] ^ subRL[30]); /* round 22 */
1025 SET_SUBKEY_LR(30, subRL[29] ^ subRL[31]); /* round 23 */
1026 SET_SUBKEY_LR(31, subRL[30]); /* round 24 */
1027 SET_SUBKEY_LR(32, subRL[32] ^ subRL[31]); /* kw3 */
1028 }
1029}
1030
1031static void camellia_setup128(const unsigned char *key, u64 *subkey)
1032{
1033 u64 kl, kr, ww;
1034 u64 subRL[26];
1035
1036 /**
1037 * k == kl || kr (|| is concatenation)
1038 */
1039 kl = get_unaligned_be64(key);
1040 kr = get_unaligned_be64(key + 8);
1041
1042 /* generate KL dependent subkeys */
1043 /* kw1 */
1044 subRL[0] = kl;
1045 /* kw2 */
1046 subRL[1] = kr;
1047
1048 /* rotation left shift 15bit */
1049 ROLDQ(kl, kr, 15);
1050
1051 /* k3 */
1052 subRL[4] = kl;
1053 /* k4 */
1054 subRL[5] = kr;
1055
1056 /* rotation left shift 15+30bit */
1057 ROLDQ(kl, kr, 30);
1058
1059 /* k7 */
1060 subRL[10] = kl;
1061 /* k8 */
1062 subRL[11] = kr;
1063
1064 /* rotation left shift 15+30+15bit */
1065 ROLDQ(kl, kr, 15);
1066
1067 /* k10 */
1068 subRL[13] = kr;
1069 /* rotation left shift 15+30+15+17 bit */
1070 ROLDQ(kl, kr, 17);
1071
1072 /* kl3 */
1073 subRL[16] = kl;
1074 /* kl4 */
1075 subRL[17] = kr;
1076
1077 /* rotation left shift 15+30+15+17+17 bit */
1078 ROLDQ(kl, kr, 17);
1079
1080 /* k13 */
1081 subRL[18] = kl;
1082 /* k14 */
1083 subRL[19] = kr;
1084
1085 /* rotation left shift 15+30+15+17+17+17 bit */
1086 ROLDQ(kl, kr, 17);
1087
1088 /* k17 */
1089 subRL[22] = kl;
1090 /* k18 */
1091 subRL[23] = kr;
1092
1093 /* generate KA */
1094 kl = subRL[0];
1095 kr = subRL[1];
1096 CAMELLIA_F(kl, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, ww);
1097 kr ^= ww;
1098 CAMELLIA_F(kr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, kl);
1099
1100 /* current status == (kll, klr, w0, w1) */
1101 CAMELLIA_F(kl, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, kr);
1102 kr ^= ww;
1103 CAMELLIA_F(kr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, ww);
1104 kl ^= ww;
1105
1106 /* generate KA dependent subkeys */
1107 /* k1, k2 */
1108 subRL[2] = kl;
1109 subRL[3] = kr;
1110 ROLDQ(kl, kr, 15);
1111 /* k5,k6 */
1112 subRL[6] = kl;
1113 subRL[7] = kr;
1114 ROLDQ(kl, kr, 15);
1115 /* kl1, kl2 */
1116 subRL[8] = kl;
1117 subRL[9] = kr;
1118 ROLDQ(kl, kr, 15);
1119 /* k9 */
1120 subRL[12] = kl;
1121 ROLDQ(kl, kr, 15);
1122 /* k11, k12 */
1123 subRL[14] = kl;
1124 subRL[15] = kr;
1125 ROLDQ(kl, kr, 34);
1126 /* k15, k16 */
1127 subRL[20] = kl;
1128 subRL[21] = kr;
1129 ROLDQ(kl, kr, 17);
1130 /* kw3, kw4 */
1131 subRL[24] = kl;
1132 subRL[25] = kr;
1133
1134 camellia_setup_tail(subkey, subRL, 24);
1135}
1136
1137static void camellia_setup256(const unsigned char *key, u64 *subkey)
1138{
1139 u64 kl, kr; /* left half of key */
1140 u64 krl, krr; /* right half of key */
1141 u64 ww; /* temporary variables */
1142 u64 subRL[34];
1143
1144 /**
1145 * key = (kl || kr || krl || krr) (|| is concatenation)
1146 */
1147 kl = get_unaligned_be64(key);
1148 kr = get_unaligned_be64(key + 8);
1149 krl = get_unaligned_be64(key + 16);
1150 krr = get_unaligned_be64(key + 24);
1151
1152 /* generate KL dependent subkeys */
1153 /* kw1 */
1154 subRL[0] = kl;
1155 /* kw2 */
1156 subRL[1] = kr;
1157 ROLDQ(kl, kr, 45);
1158 /* k9 */
1159 subRL[12] = kl;
1160 /* k10 */
1161 subRL[13] = kr;
1162 ROLDQ(kl, kr, 15);
1163 /* kl3 */
1164 subRL[16] = kl;
1165 /* kl4 */
1166 subRL[17] = kr;
1167 ROLDQ(kl, kr, 17);
1168 /* k17 */
1169 subRL[22] = kl;
1170 /* k18 */
1171 subRL[23] = kr;
1172 ROLDQ(kl, kr, 34);
1173 /* k23 */
1174 subRL[30] = kl;
1175 /* k24 */
1176 subRL[31] = kr;
1177
1178 /* generate KR dependent subkeys */
1179 ROLDQ(krl, krr, 15);
1180 /* k3 */
1181 subRL[4] = krl;
1182 /* k4 */
1183 subRL[5] = krr;
1184 ROLDQ(krl, krr, 15);
1185 /* kl1 */
1186 subRL[8] = krl;
1187 /* kl2 */
1188 subRL[9] = krr;
1189 ROLDQ(krl, krr, 30);
1190 /* k13 */
1191 subRL[18] = krl;
1192 /* k14 */
1193 subRL[19] = krr;
1194 ROLDQ(krl, krr, 34);
1195 /* k19 */
1196 subRL[26] = krl;
1197 /* k20 */
1198 subRL[27] = krr;
1199 ROLDQ(krl, krr, 34);
1200
1201 /* generate KA */
1202 kl = subRL[0] ^ krl;
1203 kr = subRL[1] ^ krr;
1204
1205 CAMELLIA_F(kl, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, ww);
1206 kr ^= ww;
1207 CAMELLIA_F(kr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, kl);
1208 kl ^= krl;
1209 CAMELLIA_F(kl, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, kr);
1210 kr ^= ww ^ krr;
1211 CAMELLIA_F(kr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, ww);
1212 kl ^= ww;
1213
1214 /* generate KB */
1215 krl ^= kl;
1216 krr ^= kr;
1217 CAMELLIA_F(krl, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, ww);
1218 krr ^= ww;
1219 CAMELLIA_F(krr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, ww);
1220 krl ^= ww;
1221
1222 /* generate KA dependent subkeys */
1223 ROLDQ(kl, kr, 15);
1224 /* k5 */
1225 subRL[6] = kl;
1226 /* k6 */
1227 subRL[7] = kr;
1228 ROLDQ(kl, kr, 30);
1229 /* k11 */
1230 subRL[14] = kl;
1231 /* k12 */
1232 subRL[15] = kr;
1233 /* rotation left shift 32bit */
1234 ROLDQ(kl, kr, 32);
1235 /* kl5 */
1236 subRL[24] = kl;
1237 /* kl6 */
1238 subRL[25] = kr;
1239 /* rotation left shift 17 from k11,k12 -> k21,k22 */
1240 ROLDQ(kl, kr, 17);
1241 /* k21 */
1242 subRL[28] = kl;
1243 /* k22 */
1244 subRL[29] = kr;
1245
1246 /* generate KB dependent subkeys */
1247 /* k1 */
1248 subRL[2] = krl;
1249 /* k2 */
1250 subRL[3] = krr;
1251 ROLDQ(krl, krr, 30);
1252 /* k7 */
1253 subRL[10] = krl;
1254 /* k8 */
1255 subRL[11] = krr;
1256 ROLDQ(krl, krr, 30);
1257 /* k15 */
1258 subRL[20] = krl;
1259 /* k16 */
1260 subRL[21] = krr;
1261 ROLDQ(krl, krr, 51);
1262 /* kw3 */
1263 subRL[32] = krl;
1264 /* kw4 */
1265 subRL[33] = krr;
1266
1267 camellia_setup_tail(subkey, subRL, 32);
1268}
1269
1270static void camellia_setup192(const unsigned char *key, u64 *subkey)
1271{
1272 unsigned char kk[32];
1273 u64 krl, krr;
1274
1275 memcpy(kk, key, 24);
1276 memcpy((unsigned char *)&krl, key+16, 8);
1277 krr = ~krl;
1278 memcpy(kk+24, (unsigned char *)&krr, 8);
1279 camellia_setup256(kk, subkey);
1280}
1281
1282static int __camellia_setkey(struct camellia_ctx *cctx,
1283 const unsigned char *key,
1284 unsigned int key_len, u32 *flags)
1285{
1286 if (key_len != 16 && key_len != 24 && key_len != 32) {
1287 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
1288 return -EINVAL;
1289 }
1290
1291 cctx->key_length = key_len;
1292
1293 switch (key_len) {
1294 case 16:
1295 camellia_setup128(key, cctx->key_table);
1296 break;
1297 case 24:
1298 camellia_setup192(key, cctx->key_table);
1299 break;
1300 case 32:
1301 camellia_setup256(key, cctx->key_table);
1302 break;
1303 }
1304
1305 return 0;
1306}
1307
1308static int camellia_setkey(struct crypto_tfm *tfm, const u8 *in_key,
1309 unsigned int key_len)
1310{
1311 return __camellia_setkey(crypto_tfm_ctx(tfm), in_key, key_len,
1312 &tfm->crt_flags);
1313}
1314
1315static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk,
1316 void (*fn)(struct camellia_ctx *, u8 *, const u8 *),
1317 void (*fn_2way)(struct camellia_ctx *, u8 *, const u8 *))
1318{
1319 struct camellia_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
1320 unsigned int bsize = CAMELLIA_BLOCK_SIZE;
1321 unsigned int nbytes;
1322 int err;
1323
1324 err = blkcipher_walk_virt(desc, walk);
1325
1326 while ((nbytes = walk->nbytes)) {
1327 u8 *wsrc = walk->src.virt.addr;
1328 u8 *wdst = walk->dst.virt.addr;
1329
1330 /* Process two block batch */
1331 if (nbytes >= bsize * 2) {
1332 do {
1333 fn_2way(ctx, wdst, wsrc);
1334
1335 wsrc += bsize * 2;
1336 wdst += bsize * 2;
1337 nbytes -= bsize * 2;
1338 } while (nbytes >= bsize * 2);
1339
1340 if (nbytes < bsize)
1341 goto done;
1342 }
1343
1344 /* Handle leftovers */
1345 do {
1346 fn(ctx, wdst, wsrc);
1347
1348 wsrc += bsize;
1349 wdst += bsize;
1350 nbytes -= bsize;
1351 } while (nbytes >= bsize);
1352
1353done:
1354 err = blkcipher_walk_done(desc, walk, nbytes);
1355 }
1356
1357 return err;
1358}
1359
1360static int ecb_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
1361 struct scatterlist *src, unsigned int nbytes)
1362{
1363 struct blkcipher_walk walk;
1364
1365 blkcipher_walk_init(&walk, dst, src, nbytes);
1366 return ecb_crypt(desc, &walk, camellia_enc_blk, camellia_enc_blk_2way);
1367}
1368
1369static int ecb_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
1370 struct scatterlist *src, unsigned int nbytes)
1371{
1372 struct blkcipher_walk walk;
1373
1374 blkcipher_walk_init(&walk, dst, src, nbytes);
1375 return ecb_crypt(desc, &walk, camellia_dec_blk, camellia_dec_blk_2way);
1376}
1377
1378static unsigned int __cbc_encrypt(struct blkcipher_desc *desc,
1379 struct blkcipher_walk *walk)
1380{
1381 struct camellia_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
1382 unsigned int bsize = CAMELLIA_BLOCK_SIZE;
1383 unsigned int nbytes = walk->nbytes;
1384 u128 *src = (u128 *)walk->src.virt.addr;
1385 u128 *dst = (u128 *)walk->dst.virt.addr;
1386 u128 *iv = (u128 *)walk->iv;
1387
1388 do {
1389 u128_xor(dst, src, iv);
1390 camellia_enc_blk(ctx, (u8 *)dst, (u8 *)dst);
1391 iv = dst;
1392
1393 src += 1;
1394 dst += 1;
1395 nbytes -= bsize;
1396 } while (nbytes >= bsize);
1397
1398 u128_xor((u128 *)walk->iv, (u128 *)walk->iv, iv);
1399 return nbytes;
1400}
1401
1402static int cbc_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
1403 struct scatterlist *src, unsigned int nbytes)
1404{
1405 struct blkcipher_walk walk;
1406 int err;
1407
1408 blkcipher_walk_init(&walk, dst, src, nbytes);
1409 err = blkcipher_walk_virt(desc, &walk);
1410
1411 while ((nbytes = walk.nbytes)) {
1412 nbytes = __cbc_encrypt(desc, &walk);
1413 err = blkcipher_walk_done(desc, &walk, nbytes);
1414 }
1415
1416 return err;
1417}
1418
1419static unsigned int __cbc_decrypt(struct blkcipher_desc *desc,
1420 struct blkcipher_walk *walk)
1421{
1422 struct camellia_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
1423 unsigned int bsize = CAMELLIA_BLOCK_SIZE;
1424 unsigned int nbytes = walk->nbytes;
1425 u128 *src = (u128 *)walk->src.virt.addr;
1426 u128 *dst = (u128 *)walk->dst.virt.addr;
1427 u128 ivs[2 - 1];
1428 u128 last_iv;
1429
1430 /* Start of the last block. */
1431 src += nbytes / bsize - 1;
1432 dst += nbytes / bsize - 1;
1433
1434 last_iv = *src;
1435
1436 /* Process two block batch */
1437 if (nbytes >= bsize * 2) {
1438 do {
1439 nbytes -= bsize * (2 - 1);
1440 src -= 2 - 1;
1441 dst -= 2 - 1;
1442
1443 ivs[0] = src[0];
1444
1445 camellia_dec_blk_2way(ctx, (u8 *)dst, (u8 *)src);
1446
1447 u128_xor(dst + 1, dst + 1, ivs + 0);
1448
1449 nbytes -= bsize;
1450 if (nbytes < bsize)
1451 goto done;
1452
1453 u128_xor(dst, dst, src - 1);
1454 src -= 1;
1455 dst -= 1;
1456 } while (nbytes >= bsize * 2);
1457
1458 if (nbytes < bsize)
1459 goto done;
1460 }
1461
1462 /* Handle leftovers */
1463 for (;;) {
1464 camellia_dec_blk(ctx, (u8 *)dst, (u8 *)src);
1465
1466 nbytes -= bsize;
1467 if (nbytes < bsize)
1468 break;
1469
1470 u128_xor(dst, dst, src - 1);
1471 src -= 1;
1472 dst -= 1;
1473 }
1474
1475done:
1476 u128_xor(dst, dst, (u128 *)walk->iv);
1477 *(u128 *)walk->iv = last_iv;
1478
1479 return nbytes;
1480}
1481
1482static int cbc_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
1483 struct scatterlist *src, unsigned int nbytes)
1484{
1485 struct blkcipher_walk walk;
1486 int err;
1487
1488 blkcipher_walk_init(&walk, dst, src, nbytes);
1489 err = blkcipher_walk_virt(desc, &walk);
1490
1491 while ((nbytes = walk.nbytes)) {
1492 nbytes = __cbc_decrypt(desc, &walk);
1493 err = blkcipher_walk_done(desc, &walk, nbytes);
1494 }
1495
1496 return err;
1497}
1498
1499static inline void u128_to_be128(be128 *dst, const u128 *src)
1500{
1501 dst->a = cpu_to_be64(src->a);
1502 dst->b = cpu_to_be64(src->b);
1503}
1504
1505static inline void be128_to_u128(u128 *dst, const be128 *src)
1506{
1507 dst->a = be64_to_cpu(src->a);
1508 dst->b = be64_to_cpu(src->b);
1509}
1510
1511static inline void u128_inc(u128 *i)
1512{
1513 i->b++;
1514 if (!i->b)
1515 i->a++;
1516}
1517
1518static void ctr_crypt_final(struct blkcipher_desc *desc,
1519 struct blkcipher_walk *walk)
1520{
1521 struct camellia_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
1522 u8 keystream[CAMELLIA_BLOCK_SIZE];
1523 u8 *src = walk->src.virt.addr;
1524 u8 *dst = walk->dst.virt.addr;
1525 unsigned int nbytes = walk->nbytes;
1526 u128 ctrblk;
1527
1528 memcpy(keystream, src, nbytes);
1529 camellia_enc_blk_xor(ctx, keystream, walk->iv);
1530 memcpy(dst, keystream, nbytes);
1531
1532 be128_to_u128(&ctrblk, (be128 *)walk->iv);
1533 u128_inc(&ctrblk);
1534 u128_to_be128((be128 *)walk->iv, &ctrblk);
1535}
1536
1537static unsigned int __ctr_crypt(struct blkcipher_desc *desc,
1538 struct blkcipher_walk *walk)
1539{
1540 struct camellia_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
1541 unsigned int bsize = CAMELLIA_BLOCK_SIZE;
1542 unsigned int nbytes = walk->nbytes;
1543 u128 *src = (u128 *)walk->src.virt.addr;
1544 u128 *dst = (u128 *)walk->dst.virt.addr;
1545 u128 ctrblk;
1546 be128 ctrblocks[2];
1547
1548 be128_to_u128(&ctrblk, (be128 *)walk->iv);
1549
1550 /* Process two block batch */
1551 if (nbytes >= bsize * 2) {
1552 do {
1553 if (dst != src) {
1554 dst[0] = src[0];
1555 dst[1] = src[1];
1556 }
1557
1558 /* create ctrblks for parallel encrypt */
1559 u128_to_be128(&ctrblocks[0], &ctrblk);
1560 u128_inc(&ctrblk);
1561 u128_to_be128(&ctrblocks[1], &ctrblk);
1562 u128_inc(&ctrblk);
1563
1564 camellia_enc_blk_xor_2way(ctx, (u8 *)dst,
1565 (u8 *)ctrblocks);
1566
1567 src += 2;
1568 dst += 2;
1569 nbytes -= bsize * 2;
1570 } while (nbytes >= bsize * 2);
1571
1572 if (nbytes < bsize)
1573 goto done;
1574 }
1575
1576 /* Handle leftovers */
1577 do {
1578 if (dst != src)
1579 *dst = *src;
1580
1581 u128_to_be128(&ctrblocks[0], &ctrblk);
1582 u128_inc(&ctrblk);
1583
1584 camellia_enc_blk_xor(ctx, (u8 *)dst, (u8 *)ctrblocks);
1585
1586 src += 1;
1587 dst += 1;
1588 nbytes -= bsize;
1589 } while (nbytes >= bsize);
1590
1591done:
1592 u128_to_be128((be128 *)walk->iv, &ctrblk);
1593 return nbytes;
1594}
1595
1596static int ctr_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
1597 struct scatterlist *src, unsigned int nbytes)
1598{
1599 struct blkcipher_walk walk;
1600 int err;
1601
1602 blkcipher_walk_init(&walk, dst, src, nbytes);
1603 err = blkcipher_walk_virt_block(desc, &walk, CAMELLIA_BLOCK_SIZE);
1604
1605 while ((nbytes = walk.nbytes) >= CAMELLIA_BLOCK_SIZE) {
1606 nbytes = __ctr_crypt(desc, &walk);
1607 err = blkcipher_walk_done(desc, &walk, nbytes);
1608 }
1609
1610 if (walk.nbytes) {
1611 ctr_crypt_final(desc, &walk);
1612 err = blkcipher_walk_done(desc, &walk, 0);
1613 }
1614
1615 return err;
1616}
1617
1618static void encrypt_callback(void *priv, u8 *srcdst, unsigned int nbytes)
1619{
1620 const unsigned int bsize = CAMELLIA_BLOCK_SIZE;
1621 struct camellia_ctx *ctx = priv;
1622 int i;
1623
1624 while (nbytes >= 2 * bsize) {
1625 camellia_enc_blk_2way(ctx, srcdst, srcdst);
1626 srcdst += bsize * 2;
1627 nbytes -= bsize * 2;
1628 }
1629
1630 for (i = 0; i < nbytes / bsize; i++, srcdst += bsize)
1631 camellia_enc_blk(ctx, srcdst, srcdst);
1632}
1633
1634static void decrypt_callback(void *priv, u8 *srcdst, unsigned int nbytes)
1635{
1636 const unsigned int bsize = CAMELLIA_BLOCK_SIZE;
1637 struct camellia_ctx *ctx = priv;
1638 int i;
1639
1640 while (nbytes >= 2 * bsize) {
1641 camellia_dec_blk_2way(ctx, srcdst, srcdst);
1642 srcdst += bsize * 2;
1643 nbytes -= bsize * 2;
1644 }
1645
1646 for (i = 0; i < nbytes / bsize; i++, srcdst += bsize)
1647 camellia_dec_blk(ctx, srcdst, srcdst);
1648}
1649
1650struct camellia_lrw_ctx {
1651 struct lrw_table_ctx lrw_table;
1652 struct camellia_ctx camellia_ctx;
1653};
1654
1655static int lrw_camellia_setkey(struct crypto_tfm *tfm, const u8 *key,
1656 unsigned int keylen)
1657{
1658 struct camellia_lrw_ctx *ctx = crypto_tfm_ctx(tfm);
1659 int err;
1660
1661 err = __camellia_setkey(&ctx->camellia_ctx, key,
1662 keylen - CAMELLIA_BLOCK_SIZE,
1663 &tfm->crt_flags);
1664 if (err)
1665 return err;
1666
1667 return lrw_init_table(&ctx->lrw_table,
1668 key + keylen - CAMELLIA_BLOCK_SIZE);
1669}
1670
1671static int lrw_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
1672 struct scatterlist *src, unsigned int nbytes)
1673{
1674 struct camellia_lrw_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
1675 be128 buf[2 * 4];
1676 struct lrw_crypt_req req = {
1677 .tbuf = buf,
1678 .tbuflen = sizeof(buf),
1679
1680 .table_ctx = &ctx->lrw_table,
1681 .crypt_ctx = &ctx->camellia_ctx,
1682 .crypt_fn = encrypt_callback,
1683 };
1684
1685 return lrw_crypt(desc, dst, src, nbytes, &req);
1686}
1687
1688static int lrw_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
1689 struct scatterlist *src, unsigned int nbytes)
1690{
1691 struct camellia_lrw_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
1692 be128 buf[2 * 4];
1693 struct lrw_crypt_req req = {
1694 .tbuf = buf,
1695 .tbuflen = sizeof(buf),
1696
1697 .table_ctx = &ctx->lrw_table,
1698 .crypt_ctx = &ctx->camellia_ctx,
1699 .crypt_fn = decrypt_callback,
1700 };
1701
1702 return lrw_crypt(desc, dst, src, nbytes, &req);
1703}
1704
1705static void lrw_exit_tfm(struct crypto_tfm *tfm)
1706{
1707 struct camellia_lrw_ctx *ctx = crypto_tfm_ctx(tfm);
1708
1709 lrw_free_table(&ctx->lrw_table);
1710}
1711
1712struct camellia_xts_ctx {
1713 struct camellia_ctx tweak_ctx;
1714 struct camellia_ctx crypt_ctx;
1715};
1716
1717static int xts_camellia_setkey(struct crypto_tfm *tfm, const u8 *key,
1718 unsigned int keylen)
1719{
1720 struct camellia_xts_ctx *ctx = crypto_tfm_ctx(tfm);
1721 u32 *flags = &tfm->crt_flags;
1722 int err;
1723
1724 /* key consists of keys of equal size concatenated, therefore
1725 * the length must be even
1726 */
1727 if (keylen % 2) {
1728 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
1729 return -EINVAL;
1730 }
1731
1732 /* first half of xts-key is for crypt */
1733 err = __camellia_setkey(&ctx->crypt_ctx, key, keylen / 2, flags);
1734 if (err)
1735 return err;
1736
1737 /* second half of xts-key is for tweak */
1738 return __camellia_setkey(&ctx->tweak_ctx, key + keylen / 2, keylen / 2,
1739 flags);
1740}
1741
1742static int xts_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
1743 struct scatterlist *src, unsigned int nbytes)
1744{
1745 struct camellia_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
1746 be128 buf[2 * 4];
1747 struct xts_crypt_req req = {
1748 .tbuf = buf,
1749 .tbuflen = sizeof(buf),
1750
1751 .tweak_ctx = &ctx->tweak_ctx,
1752 .tweak_fn = XTS_TWEAK_CAST(camellia_enc_blk),
1753 .crypt_ctx = &ctx->crypt_ctx,
1754 .crypt_fn = encrypt_callback,
1755 };
1756
1757 return xts_crypt(desc, dst, src, nbytes, &req);
1758}
1759
1760static int xts_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
1761 struct scatterlist *src, unsigned int nbytes)
1762{
1763 struct camellia_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
1764 be128 buf[2 * 4];
1765 struct xts_crypt_req req = {
1766 .tbuf = buf,
1767 .tbuflen = sizeof(buf),
1768
1769 .tweak_ctx = &ctx->tweak_ctx,
1770 .tweak_fn = XTS_TWEAK_CAST(camellia_enc_blk),
1771 .crypt_ctx = &ctx->crypt_ctx,
1772 .crypt_fn = decrypt_callback,
1773 };
1774
1775 return xts_crypt(desc, dst, src, nbytes, &req);
1776}
1777
1778static struct crypto_alg camellia_algs[6] = { {
1779 .cra_name = "camellia",
1780 .cra_driver_name = "camellia-asm",
1781 .cra_priority = 200,
1782 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1783 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1784 .cra_ctxsize = sizeof(struct camellia_ctx),
1785 .cra_alignmask = 0,
1786 .cra_module = THIS_MODULE,
1787 .cra_list = LIST_HEAD_INIT(camellia_algs[0].cra_list),
1788 .cra_u = {
1789 .cipher = {
1790 .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
1791 .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
1792 .cia_setkey = camellia_setkey,
1793 .cia_encrypt = camellia_encrypt,
1794 .cia_decrypt = camellia_decrypt
1795 }
1796 }
1797}, {
1798 .cra_name = "ecb(camellia)",
1799 .cra_driver_name = "ecb-camellia-asm",
1800 .cra_priority = 300,
1801 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
1802 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1803 .cra_ctxsize = sizeof(struct camellia_ctx),
1804 .cra_alignmask = 0,
1805 .cra_type = &crypto_blkcipher_type,
1806 .cra_module = THIS_MODULE,
1807 .cra_list = LIST_HEAD_INIT(camellia_algs[1].cra_list),
1808 .cra_u = {
1809 .blkcipher = {
1810 .min_keysize = CAMELLIA_MIN_KEY_SIZE,
1811 .max_keysize = CAMELLIA_MAX_KEY_SIZE,
1812 .setkey = camellia_setkey,
1813 .encrypt = ecb_encrypt,
1814 .decrypt = ecb_decrypt,
1815 },
1816 },
1817}, {
1818 .cra_name = "cbc(camellia)",
1819 .cra_driver_name = "cbc-camellia-asm",
1820 .cra_priority = 300,
1821 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
1822 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1823 .cra_ctxsize = sizeof(struct camellia_ctx),
1824 .cra_alignmask = 0,
1825 .cra_type = &crypto_blkcipher_type,
1826 .cra_module = THIS_MODULE,
1827 .cra_list = LIST_HEAD_INIT(camellia_algs[2].cra_list),
1828 .cra_u = {
1829 .blkcipher = {
1830 .min_keysize = CAMELLIA_MIN_KEY_SIZE,
1831 .max_keysize = CAMELLIA_MAX_KEY_SIZE,
1832 .ivsize = CAMELLIA_BLOCK_SIZE,
1833 .setkey = camellia_setkey,
1834 .encrypt = cbc_encrypt,
1835 .decrypt = cbc_decrypt,
1836 },
1837 },
1838}, {
1839 .cra_name = "ctr(camellia)",
1840 .cra_driver_name = "ctr-camellia-asm",
1841 .cra_priority = 300,
1842 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
1843 .cra_blocksize = 1,
1844 .cra_ctxsize = sizeof(struct camellia_ctx),
1845 .cra_alignmask = 0,
1846 .cra_type = &crypto_blkcipher_type,
1847 .cra_module = THIS_MODULE,
1848 .cra_list = LIST_HEAD_INIT(camellia_algs[3].cra_list),
1849 .cra_u = {
1850 .blkcipher = {
1851 .min_keysize = CAMELLIA_MIN_KEY_SIZE,
1852 .max_keysize = CAMELLIA_MAX_KEY_SIZE,
1853 .ivsize = CAMELLIA_BLOCK_SIZE,
1854 .setkey = camellia_setkey,
1855 .encrypt = ctr_crypt,
1856 .decrypt = ctr_crypt,
1857 },
1858 },
1859}, {
1860 .cra_name = "lrw(camellia)",
1861 .cra_driver_name = "lrw-camellia-asm",
1862 .cra_priority = 300,
1863 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
1864 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1865 .cra_ctxsize = sizeof(struct camellia_lrw_ctx),
1866 .cra_alignmask = 0,
1867 .cra_type = &crypto_blkcipher_type,
1868 .cra_module = THIS_MODULE,
1869 .cra_list = LIST_HEAD_INIT(camellia_algs[4].cra_list),
1870 .cra_exit = lrw_exit_tfm,
1871 .cra_u = {
1872 .blkcipher = {
1873 .min_keysize = CAMELLIA_MIN_KEY_SIZE +
1874 CAMELLIA_BLOCK_SIZE,
1875 .max_keysize = CAMELLIA_MAX_KEY_SIZE +
1876 CAMELLIA_BLOCK_SIZE,
1877 .ivsize = CAMELLIA_BLOCK_SIZE,
1878 .setkey = lrw_camellia_setkey,
1879 .encrypt = lrw_encrypt,
1880 .decrypt = lrw_decrypt,
1881 },
1882 },
1883}, {
1884 .cra_name = "xts(camellia)",
1885 .cra_driver_name = "xts-camellia-asm",
1886 .cra_priority = 300,
1887 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
1888 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1889 .cra_ctxsize = sizeof(struct camellia_xts_ctx),
1890 .cra_alignmask = 0,
1891 .cra_type = &crypto_blkcipher_type,
1892 .cra_module = THIS_MODULE,
1893 .cra_list = LIST_HEAD_INIT(camellia_algs[5].cra_list),
1894 .cra_u = {
1895 .blkcipher = {
1896 .min_keysize = CAMELLIA_MIN_KEY_SIZE * 2,
1897 .max_keysize = CAMELLIA_MAX_KEY_SIZE * 2,
1898 .ivsize = CAMELLIA_BLOCK_SIZE,
1899 .setkey = xts_camellia_setkey,
1900 .encrypt = xts_encrypt,
1901 .decrypt = xts_decrypt,
1902 },
1903 },
1904} };
1905
1906static bool is_blacklisted_cpu(void)
1907{
1908 if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
1909 return false;
1910
1911 if (boot_cpu_data.x86 == 0x0f) {
1912 /*
1913 * On Pentium 4, camellia-asm is slower than original assembler
1914 * implementation because excessive uses of 64bit rotate and
1915 * left-shifts (which are really slow on P4) needed to store and
1916 * handle 128bit block in two 64bit registers.
1917 */
1918 return true;
1919 }
1920
1921 return false;
1922}
1923
1924static int force;
1925module_param(force, int, 0);
1926MODULE_PARM_DESC(force, "Force module load, ignore CPU blacklist");
1927
1928int __init init(void)
1929{
1930 if (!force && is_blacklisted_cpu()) {
1931 printk(KERN_INFO
1932 "camellia-x86_64: performance on this CPU "
1933 "would be suboptimal: disabling "
1934 "camellia-x86_64.\n");
1935 return -ENODEV;
1936 }
1937
1938 return crypto_register_algs(camellia_algs, ARRAY_SIZE(camellia_algs));
1939}
1940
1941void __exit fini(void)
1942{
1943 crypto_unregister_algs(camellia_algs, ARRAY_SIZE(camellia_algs));
1944}
1945
1946module_init(init);
1947module_exit(fini);
1948
1949MODULE_LICENSE("GPL");
1950MODULE_DESCRIPTION("Camellia Cipher Algorithm, asm optimized");
1951MODULE_ALIAS("camellia");
1952MODULE_ALIAS("camellia-asm");
diff --git a/arch/x86/crypto/serpent-sse2-i586-asm_32.S b/arch/x86/crypto/serpent-sse2-i586-asm_32.S
index 4e37677ca851..c00053d42f99 100644
--- a/arch/x86/crypto/serpent-sse2-i586-asm_32.S
+++ b/arch/x86/crypto/serpent-sse2-i586-asm_32.S
@@ -463,23 +463,20 @@
463 pand x0, x4; \ 463 pand x0, x4; \
464 pxor x2, x4; 464 pxor x2, x4;
465 465
466#define transpose_4x4(x0, x1, x2, x3, t1, t2, t3) \ 466#define transpose_4x4(x0, x1, x2, x3, t0, t1, t2) \
467 movdqa x2, t3; \
468 movdqa x0, t1; \
469 unpcklps x3, t3; \
470 movdqa x0, t2; \ 467 movdqa x0, t2; \
471 unpcklps x1, t1; \ 468 punpckldq x1, x0; \
472 unpckhps x1, t2; \ 469 punpckhdq x1, t2; \
473 movdqa t3, x1; \ 470 movdqa x2, t1; \
474 unpckhps x3, x2; \ 471 punpckhdq x3, x2; \
475 movdqa t1, x0; \ 472 punpckldq x3, t1; \
476 movhlps t1, x1; \ 473 movdqa x0, x1; \
477 movdqa t2, t1; \ 474 punpcklqdq t1, x0; \
478 movlhps t3, x0; \ 475 punpckhqdq t1, x1; \
479 movlhps x2, t1; \ 476 movdqa t2, x3; \
480 movhlps t2, x2; \ 477 punpcklqdq x2, t2; \
481 movdqa x2, x3; \ 478 punpckhqdq x2, x3; \
482 movdqa t1, x2; 479 movdqa t2, x2;
483 480
484#define read_blocks(in, x0, x1, x2, x3, t0, t1, t2) \ 481#define read_blocks(in, x0, x1, x2, x3, t0, t1, t2) \
485 movdqu (0*4*4)(in), x0; \ 482 movdqu (0*4*4)(in), x0; \
diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
index 7f24a1540821..3ee1ff04d3e9 100644
--- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
+++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
@@ -585,23 +585,20 @@
585 get_key(i, 1, RK1); \ 585 get_key(i, 1, RK1); \
586 SBOX ## _2(x0 ## 2, x1 ## 2, x2 ## 2, x3 ## 2, x4 ## 2); \ 586 SBOX ## _2(x0 ## 2, x1 ## 2, x2 ## 2, x3 ## 2, x4 ## 2); \
587 587
588#define transpose_4x4(x0, x1, x2, x3, t1, t2, t3) \ 588#define transpose_4x4(x0, x1, x2, x3, t0, t1, t2) \
589 movdqa x2, t3; \
590 movdqa x0, t1; \
591 unpcklps x3, t3; \
592 movdqa x0, t2; \ 589 movdqa x0, t2; \
593 unpcklps x1, t1; \ 590 punpckldq x1, x0; \
594 unpckhps x1, t2; \ 591 punpckhdq x1, t2; \
595 movdqa t3, x1; \ 592 movdqa x2, t1; \
596 unpckhps x3, x2; \ 593 punpckhdq x3, x2; \
597 movdqa t1, x0; \ 594 punpckldq x3, t1; \
598 movhlps t1, x1; \ 595 movdqa x0, x1; \
599 movdqa t2, t1; \ 596 punpcklqdq t1, x0; \
600 movlhps t3, x0; \ 597 punpckhqdq t1, x1; \
601 movlhps x2, t1; \ 598 movdqa t2, x3; \
602 movhlps t2, x2; \ 599 punpcklqdq x2, t2; \
603 movdqa x2, x3; \ 600 punpckhqdq x2, x3; \
604 movdqa t1, x2; 601 movdqa t2, x2;
605 602
606#define read_blocks(in, x0, x1, x2, x3, t0, t1, t2) \ 603#define read_blocks(in, x0, x1, x2, x3, t0, t1, t2) \
607 movdqu (0*4*4)(in), x0; \ 604 movdqu (0*4*4)(in), x0; \
diff --git a/arch/x86/crypto/serpent_sse2_glue.c b/arch/x86/crypto/serpent_sse2_glue.c
index 7955a9b76b91..4b21be85e0a1 100644
--- a/arch/x86/crypto/serpent_sse2_glue.c
+++ b/arch/x86/crypto/serpent_sse2_glue.c
@@ -145,28 +145,6 @@ static int ecb_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
145 return ecb_crypt(desc, &walk, false); 145 return ecb_crypt(desc, &walk, false);
146} 146}
147 147
148static struct crypto_alg blk_ecb_alg = {
149 .cra_name = "__ecb-serpent-sse2",
150 .cra_driver_name = "__driver-ecb-serpent-sse2",
151 .cra_priority = 0,
152 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
153 .cra_blocksize = SERPENT_BLOCK_SIZE,
154 .cra_ctxsize = sizeof(struct serpent_ctx),
155 .cra_alignmask = 0,
156 .cra_type = &crypto_blkcipher_type,
157 .cra_module = THIS_MODULE,
158 .cra_list = LIST_HEAD_INIT(blk_ecb_alg.cra_list),
159 .cra_u = {
160 .blkcipher = {
161 .min_keysize = SERPENT_MIN_KEY_SIZE,
162 .max_keysize = SERPENT_MAX_KEY_SIZE,
163 .setkey = serpent_setkey,
164 .encrypt = ecb_encrypt,
165 .decrypt = ecb_decrypt,
166 },
167 },
168};
169
170static unsigned int __cbc_encrypt(struct blkcipher_desc *desc, 148static unsigned int __cbc_encrypt(struct blkcipher_desc *desc,
171 struct blkcipher_walk *walk) 149 struct blkcipher_walk *walk)
172{ 150{
@@ -295,28 +273,6 @@ static int cbc_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
295 return err; 273 return err;
296} 274}
297 275
298static struct crypto_alg blk_cbc_alg = {
299 .cra_name = "__cbc-serpent-sse2",
300 .cra_driver_name = "__driver-cbc-serpent-sse2",
301 .cra_priority = 0,
302 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
303 .cra_blocksize = SERPENT_BLOCK_SIZE,
304 .cra_ctxsize = sizeof(struct serpent_ctx),
305 .cra_alignmask = 0,
306 .cra_type = &crypto_blkcipher_type,
307 .cra_module = THIS_MODULE,
308 .cra_list = LIST_HEAD_INIT(blk_cbc_alg.cra_list),
309 .cra_u = {
310 .blkcipher = {
311 .min_keysize = SERPENT_MIN_KEY_SIZE,
312 .max_keysize = SERPENT_MAX_KEY_SIZE,
313 .setkey = serpent_setkey,
314 .encrypt = cbc_encrypt,
315 .decrypt = cbc_decrypt,
316 },
317 },
318};
319
320static inline void u128_to_be128(be128 *dst, const u128 *src) 276static inline void u128_to_be128(be128 *dst, const u128 *src)
321{ 277{
322 dst->a = cpu_to_be64(src->a); 278 dst->a = cpu_to_be64(src->a);
@@ -439,29 +395,6 @@ static int ctr_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
439 return err; 395 return err;
440} 396}
441 397
442static struct crypto_alg blk_ctr_alg = {
443 .cra_name = "__ctr-serpent-sse2",
444 .cra_driver_name = "__driver-ctr-serpent-sse2",
445 .cra_priority = 0,
446 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
447 .cra_blocksize = 1,
448 .cra_ctxsize = sizeof(struct serpent_ctx),
449 .cra_alignmask = 0,
450 .cra_type = &crypto_blkcipher_type,
451 .cra_module = THIS_MODULE,
452 .cra_list = LIST_HEAD_INIT(blk_ctr_alg.cra_list),
453 .cra_u = {
454 .blkcipher = {
455 .min_keysize = SERPENT_MIN_KEY_SIZE,
456 .max_keysize = SERPENT_MAX_KEY_SIZE,
457 .ivsize = SERPENT_BLOCK_SIZE,
458 .setkey = serpent_setkey,
459 .encrypt = ctr_crypt,
460 .decrypt = ctr_crypt,
461 },
462 },
463};
464
465struct crypt_priv { 398struct crypt_priv {
466 struct serpent_ctx *ctx; 399 struct serpent_ctx *ctx;
467 bool fpu_enabled; 400 bool fpu_enabled;
@@ -580,32 +513,6 @@ static void lrw_exit_tfm(struct crypto_tfm *tfm)
580 lrw_free_table(&ctx->lrw_table); 513 lrw_free_table(&ctx->lrw_table);
581} 514}
582 515
583static struct crypto_alg blk_lrw_alg = {
584 .cra_name = "__lrw-serpent-sse2",
585 .cra_driver_name = "__driver-lrw-serpent-sse2",
586 .cra_priority = 0,
587 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
588 .cra_blocksize = SERPENT_BLOCK_SIZE,
589 .cra_ctxsize = sizeof(struct serpent_lrw_ctx),
590 .cra_alignmask = 0,
591 .cra_type = &crypto_blkcipher_type,
592 .cra_module = THIS_MODULE,
593 .cra_list = LIST_HEAD_INIT(blk_lrw_alg.cra_list),
594 .cra_exit = lrw_exit_tfm,
595 .cra_u = {
596 .blkcipher = {
597 .min_keysize = SERPENT_MIN_KEY_SIZE +
598 SERPENT_BLOCK_SIZE,
599 .max_keysize = SERPENT_MAX_KEY_SIZE +
600 SERPENT_BLOCK_SIZE,
601 .ivsize = SERPENT_BLOCK_SIZE,
602 .setkey = lrw_serpent_setkey,
603 .encrypt = lrw_encrypt,
604 .decrypt = lrw_decrypt,
605 },
606 },
607};
608
609struct serpent_xts_ctx { 516struct serpent_xts_ctx {
610 struct serpent_ctx tweak_ctx; 517 struct serpent_ctx tweak_ctx;
611 struct serpent_ctx crypt_ctx; 518 struct serpent_ctx crypt_ctx;
@@ -689,29 +596,6 @@ static int xts_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
689 return ret; 596 return ret;
690} 597}
691 598
692static struct crypto_alg blk_xts_alg = {
693 .cra_name = "__xts-serpent-sse2",
694 .cra_driver_name = "__driver-xts-serpent-sse2",
695 .cra_priority = 0,
696 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
697 .cra_blocksize = SERPENT_BLOCK_SIZE,
698 .cra_ctxsize = sizeof(struct serpent_xts_ctx),
699 .cra_alignmask = 0,
700 .cra_type = &crypto_blkcipher_type,
701 .cra_module = THIS_MODULE,
702 .cra_list = LIST_HEAD_INIT(blk_xts_alg.cra_list),
703 .cra_u = {
704 .blkcipher = {
705 .min_keysize = SERPENT_MIN_KEY_SIZE * 2,
706 .max_keysize = SERPENT_MAX_KEY_SIZE * 2,
707 .ivsize = SERPENT_BLOCK_SIZE,
708 .setkey = xts_serpent_setkey,
709 .encrypt = xts_encrypt,
710 .decrypt = xts_decrypt,
711 },
712 },
713};
714
715static int ablk_set_key(struct crypto_ablkcipher *tfm, const u8 *key, 599static int ablk_set_key(struct crypto_ablkcipher *tfm, const u8 *key,
716 unsigned int key_len) 600 unsigned int key_len)
717{ 601{
@@ -792,28 +676,133 @@ static void ablk_exit(struct crypto_tfm *tfm)
792 cryptd_free_ablkcipher(ctx->cryptd_tfm); 676 cryptd_free_ablkcipher(ctx->cryptd_tfm);
793} 677}
794 678
795static void ablk_init_common(struct crypto_tfm *tfm, 679static int ablk_init(struct crypto_tfm *tfm)
796 struct cryptd_ablkcipher *cryptd_tfm)
797{ 680{
798 struct async_serpent_ctx *ctx = crypto_tfm_ctx(tfm); 681 struct async_serpent_ctx *ctx = crypto_tfm_ctx(tfm);
682 struct cryptd_ablkcipher *cryptd_tfm;
683 char drv_name[CRYPTO_MAX_ALG_NAME];
684
685 snprintf(drv_name, sizeof(drv_name), "__driver-%s",
686 crypto_tfm_alg_driver_name(tfm));
687
688 cryptd_tfm = cryptd_alloc_ablkcipher(drv_name, 0, 0);
689 if (IS_ERR(cryptd_tfm))
690 return PTR_ERR(cryptd_tfm);
799 691
800 ctx->cryptd_tfm = cryptd_tfm; 692 ctx->cryptd_tfm = cryptd_tfm;
801 tfm->crt_ablkcipher.reqsize = sizeof(struct ablkcipher_request) + 693 tfm->crt_ablkcipher.reqsize = sizeof(struct ablkcipher_request) +
802 crypto_ablkcipher_reqsize(&cryptd_tfm->base); 694 crypto_ablkcipher_reqsize(&cryptd_tfm->base);
803}
804
805static int ablk_ecb_init(struct crypto_tfm *tfm)
806{
807 struct cryptd_ablkcipher *cryptd_tfm;
808 695
809 cryptd_tfm = cryptd_alloc_ablkcipher("__driver-ecb-serpent-sse2", 0, 0);
810 if (IS_ERR(cryptd_tfm))
811 return PTR_ERR(cryptd_tfm);
812 ablk_init_common(tfm, cryptd_tfm);
813 return 0; 696 return 0;
814} 697}
815 698
816static struct crypto_alg ablk_ecb_alg = { 699static struct crypto_alg serpent_algs[10] = { {
700 .cra_name = "__ecb-serpent-sse2",
701 .cra_driver_name = "__driver-ecb-serpent-sse2",
702 .cra_priority = 0,
703 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
704 .cra_blocksize = SERPENT_BLOCK_SIZE,
705 .cra_ctxsize = sizeof(struct serpent_ctx),
706 .cra_alignmask = 0,
707 .cra_type = &crypto_blkcipher_type,
708 .cra_module = THIS_MODULE,
709 .cra_list = LIST_HEAD_INIT(serpent_algs[0].cra_list),
710 .cra_u = {
711 .blkcipher = {
712 .min_keysize = SERPENT_MIN_KEY_SIZE,
713 .max_keysize = SERPENT_MAX_KEY_SIZE,
714 .setkey = serpent_setkey,
715 .encrypt = ecb_encrypt,
716 .decrypt = ecb_decrypt,
717 },
718 },
719}, {
720 .cra_name = "__cbc-serpent-sse2",
721 .cra_driver_name = "__driver-cbc-serpent-sse2",
722 .cra_priority = 0,
723 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
724 .cra_blocksize = SERPENT_BLOCK_SIZE,
725 .cra_ctxsize = sizeof(struct serpent_ctx),
726 .cra_alignmask = 0,
727 .cra_type = &crypto_blkcipher_type,
728 .cra_module = THIS_MODULE,
729 .cra_list = LIST_HEAD_INIT(serpent_algs[1].cra_list),
730 .cra_u = {
731 .blkcipher = {
732 .min_keysize = SERPENT_MIN_KEY_SIZE,
733 .max_keysize = SERPENT_MAX_KEY_SIZE,
734 .setkey = serpent_setkey,
735 .encrypt = cbc_encrypt,
736 .decrypt = cbc_decrypt,
737 },
738 },
739}, {
740 .cra_name = "__ctr-serpent-sse2",
741 .cra_driver_name = "__driver-ctr-serpent-sse2",
742 .cra_priority = 0,
743 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
744 .cra_blocksize = 1,
745 .cra_ctxsize = sizeof(struct serpent_ctx),
746 .cra_alignmask = 0,
747 .cra_type = &crypto_blkcipher_type,
748 .cra_module = THIS_MODULE,
749 .cra_list = LIST_HEAD_INIT(serpent_algs[2].cra_list),
750 .cra_u = {
751 .blkcipher = {
752 .min_keysize = SERPENT_MIN_KEY_SIZE,
753 .max_keysize = SERPENT_MAX_KEY_SIZE,
754 .ivsize = SERPENT_BLOCK_SIZE,
755 .setkey = serpent_setkey,
756 .encrypt = ctr_crypt,
757 .decrypt = ctr_crypt,
758 },
759 },
760}, {
761 .cra_name = "__lrw-serpent-sse2",
762 .cra_driver_name = "__driver-lrw-serpent-sse2",
763 .cra_priority = 0,
764 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
765 .cra_blocksize = SERPENT_BLOCK_SIZE,
766 .cra_ctxsize = sizeof(struct serpent_lrw_ctx),
767 .cra_alignmask = 0,
768 .cra_type = &crypto_blkcipher_type,
769 .cra_module = THIS_MODULE,
770 .cra_list = LIST_HEAD_INIT(serpent_algs[3].cra_list),
771 .cra_exit = lrw_exit_tfm,
772 .cra_u = {
773 .blkcipher = {
774 .min_keysize = SERPENT_MIN_KEY_SIZE +
775 SERPENT_BLOCK_SIZE,
776 .max_keysize = SERPENT_MAX_KEY_SIZE +
777 SERPENT_BLOCK_SIZE,
778 .ivsize = SERPENT_BLOCK_SIZE,
779 .setkey = lrw_serpent_setkey,
780 .encrypt = lrw_encrypt,
781 .decrypt = lrw_decrypt,
782 },
783 },
784}, {
785 .cra_name = "__xts-serpent-sse2",
786 .cra_driver_name = "__driver-xts-serpent-sse2",
787 .cra_priority = 0,
788 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
789 .cra_blocksize = SERPENT_BLOCK_SIZE,
790 .cra_ctxsize = sizeof(struct serpent_xts_ctx),
791 .cra_alignmask = 0,
792 .cra_type = &crypto_blkcipher_type,
793 .cra_module = THIS_MODULE,
794 .cra_list = LIST_HEAD_INIT(serpent_algs[4].cra_list),
795 .cra_u = {
796 .blkcipher = {
797 .min_keysize = SERPENT_MIN_KEY_SIZE * 2,
798 .max_keysize = SERPENT_MAX_KEY_SIZE * 2,
799 .ivsize = SERPENT_BLOCK_SIZE,
800 .setkey = xts_serpent_setkey,
801 .encrypt = xts_encrypt,
802 .decrypt = xts_decrypt,
803 },
804 },
805}, {
817 .cra_name = "ecb(serpent)", 806 .cra_name = "ecb(serpent)",
818 .cra_driver_name = "ecb-serpent-sse2", 807 .cra_driver_name = "ecb-serpent-sse2",
819 .cra_priority = 400, 808 .cra_priority = 400,
@@ -823,8 +812,8 @@ static struct crypto_alg ablk_ecb_alg = {
823 .cra_alignmask = 0, 812 .cra_alignmask = 0,
824 .cra_type = &crypto_ablkcipher_type, 813 .cra_type = &crypto_ablkcipher_type,
825 .cra_module = THIS_MODULE, 814 .cra_module = THIS_MODULE,
826 .cra_list = LIST_HEAD_INIT(ablk_ecb_alg.cra_list), 815 .cra_list = LIST_HEAD_INIT(serpent_algs[5].cra_list),
827 .cra_init = ablk_ecb_init, 816 .cra_init = ablk_init,
828 .cra_exit = ablk_exit, 817 .cra_exit = ablk_exit,
829 .cra_u = { 818 .cra_u = {
830 .ablkcipher = { 819 .ablkcipher = {
@@ -835,20 +824,7 @@ static struct crypto_alg ablk_ecb_alg = {
835 .decrypt = ablk_decrypt, 824 .decrypt = ablk_decrypt,
836 }, 825 },
837 }, 826 },
838}; 827}, {
839
840static int ablk_cbc_init(struct crypto_tfm *tfm)
841{
842 struct cryptd_ablkcipher *cryptd_tfm;
843
844 cryptd_tfm = cryptd_alloc_ablkcipher("__driver-cbc-serpent-sse2", 0, 0);
845 if (IS_ERR(cryptd_tfm))
846 return PTR_ERR(cryptd_tfm);
847 ablk_init_common(tfm, cryptd_tfm);
848 return 0;
849}
850
851static struct crypto_alg ablk_cbc_alg = {
852 .cra_name = "cbc(serpent)", 828 .cra_name = "cbc(serpent)",
853 .cra_driver_name = "cbc-serpent-sse2", 829 .cra_driver_name = "cbc-serpent-sse2",
854 .cra_priority = 400, 830 .cra_priority = 400,
@@ -858,8 +834,8 @@ static struct crypto_alg ablk_cbc_alg = {
858 .cra_alignmask = 0, 834 .cra_alignmask = 0,
859 .cra_type = &crypto_ablkcipher_type, 835 .cra_type = &crypto_ablkcipher_type,
860 .cra_module = THIS_MODULE, 836 .cra_module = THIS_MODULE,
861 .cra_list = LIST_HEAD_INIT(ablk_cbc_alg.cra_list), 837 .cra_list = LIST_HEAD_INIT(serpent_algs[6].cra_list),
862 .cra_init = ablk_cbc_init, 838 .cra_init = ablk_init,
863 .cra_exit = ablk_exit, 839 .cra_exit = ablk_exit,
864 .cra_u = { 840 .cra_u = {
865 .ablkcipher = { 841 .ablkcipher = {
@@ -871,20 +847,7 @@ static struct crypto_alg ablk_cbc_alg = {
871 .decrypt = ablk_decrypt, 847 .decrypt = ablk_decrypt,
872 }, 848 },
873 }, 849 },
874}; 850}, {
875
876static int ablk_ctr_init(struct crypto_tfm *tfm)
877{
878 struct cryptd_ablkcipher *cryptd_tfm;
879
880 cryptd_tfm = cryptd_alloc_ablkcipher("__driver-ctr-serpent-sse2", 0, 0);
881 if (IS_ERR(cryptd_tfm))
882 return PTR_ERR(cryptd_tfm);
883 ablk_init_common(tfm, cryptd_tfm);
884 return 0;
885}
886
887static struct crypto_alg ablk_ctr_alg = {
888 .cra_name = "ctr(serpent)", 851 .cra_name = "ctr(serpent)",
889 .cra_driver_name = "ctr-serpent-sse2", 852 .cra_driver_name = "ctr-serpent-sse2",
890 .cra_priority = 400, 853 .cra_priority = 400,
@@ -894,8 +857,8 @@ static struct crypto_alg ablk_ctr_alg = {
894 .cra_alignmask = 0, 857 .cra_alignmask = 0,
895 .cra_type = &crypto_ablkcipher_type, 858 .cra_type = &crypto_ablkcipher_type,
896 .cra_module = THIS_MODULE, 859 .cra_module = THIS_MODULE,
897 .cra_list = LIST_HEAD_INIT(ablk_ctr_alg.cra_list), 860 .cra_list = LIST_HEAD_INIT(serpent_algs[7].cra_list),
898 .cra_init = ablk_ctr_init, 861 .cra_init = ablk_init,
899 .cra_exit = ablk_exit, 862 .cra_exit = ablk_exit,
900 .cra_u = { 863 .cra_u = {
901 .ablkcipher = { 864 .ablkcipher = {
@@ -908,20 +871,7 @@ static struct crypto_alg ablk_ctr_alg = {
908 .geniv = "chainiv", 871 .geniv = "chainiv",
909 }, 872 },
910 }, 873 },
911}; 874}, {
912
913static int ablk_lrw_init(struct crypto_tfm *tfm)
914{
915 struct cryptd_ablkcipher *cryptd_tfm;
916
917 cryptd_tfm = cryptd_alloc_ablkcipher("__driver-lrw-serpent-sse2", 0, 0);
918 if (IS_ERR(cryptd_tfm))
919 return PTR_ERR(cryptd_tfm);
920 ablk_init_common(tfm, cryptd_tfm);
921 return 0;
922}
923
924static struct crypto_alg ablk_lrw_alg = {
925 .cra_name = "lrw(serpent)", 875 .cra_name = "lrw(serpent)",
926 .cra_driver_name = "lrw-serpent-sse2", 876 .cra_driver_name = "lrw-serpent-sse2",
927 .cra_priority = 400, 877 .cra_priority = 400,
@@ -931,8 +881,8 @@ static struct crypto_alg ablk_lrw_alg = {
931 .cra_alignmask = 0, 881 .cra_alignmask = 0,
932 .cra_type = &crypto_ablkcipher_type, 882 .cra_type = &crypto_ablkcipher_type,
933 .cra_module = THIS_MODULE, 883 .cra_module = THIS_MODULE,
934 .cra_list = LIST_HEAD_INIT(ablk_lrw_alg.cra_list), 884 .cra_list = LIST_HEAD_INIT(serpent_algs[8].cra_list),
935 .cra_init = ablk_lrw_init, 885 .cra_init = ablk_init,
936 .cra_exit = ablk_exit, 886 .cra_exit = ablk_exit,
937 .cra_u = { 887 .cra_u = {
938 .ablkcipher = { 888 .ablkcipher = {
@@ -946,20 +896,7 @@ static struct crypto_alg ablk_lrw_alg = {
946 .decrypt = ablk_decrypt, 896 .decrypt = ablk_decrypt,
947 }, 897 },
948 }, 898 },
949}; 899}, {
950
951static int ablk_xts_init(struct crypto_tfm *tfm)
952{
953 struct cryptd_ablkcipher *cryptd_tfm;
954
955 cryptd_tfm = cryptd_alloc_ablkcipher("__driver-xts-serpent-sse2", 0, 0);
956 if (IS_ERR(cryptd_tfm))
957 return PTR_ERR(cryptd_tfm);
958 ablk_init_common(tfm, cryptd_tfm);
959 return 0;
960}
961
962static struct crypto_alg ablk_xts_alg = {
963 .cra_name = "xts(serpent)", 900 .cra_name = "xts(serpent)",
964 .cra_driver_name = "xts-serpent-sse2", 901 .cra_driver_name = "xts-serpent-sse2",
965 .cra_priority = 400, 902 .cra_priority = 400,
@@ -969,8 +906,8 @@ static struct crypto_alg ablk_xts_alg = {
969 .cra_alignmask = 0, 906 .cra_alignmask = 0,
970 .cra_type = &crypto_ablkcipher_type, 907 .cra_type = &crypto_ablkcipher_type,
971 .cra_module = THIS_MODULE, 908 .cra_module = THIS_MODULE,
972 .cra_list = LIST_HEAD_INIT(ablk_xts_alg.cra_list), 909 .cra_list = LIST_HEAD_INIT(serpent_algs[9].cra_list),
973 .cra_init = ablk_xts_init, 910 .cra_init = ablk_init,
974 .cra_exit = ablk_exit, 911 .cra_exit = ablk_exit,
975 .cra_u = { 912 .cra_u = {
976 .ablkcipher = { 913 .ablkcipher = {
@@ -982,84 +919,21 @@ static struct crypto_alg ablk_xts_alg = {
982 .decrypt = ablk_decrypt, 919 .decrypt = ablk_decrypt,
983 }, 920 },
984 }, 921 },
985}; 922} };
986 923
987static int __init serpent_sse2_init(void) 924static int __init serpent_sse2_init(void)
988{ 925{
989 int err;
990
991 if (!cpu_has_xmm2) { 926 if (!cpu_has_xmm2) {
992 printk(KERN_INFO "SSE2 instructions are not detected.\n"); 927 printk(KERN_INFO "SSE2 instructions are not detected.\n");
993 return -ENODEV; 928 return -ENODEV;
994 } 929 }
995 930
996 err = crypto_register_alg(&blk_ecb_alg); 931 return crypto_register_algs(serpent_algs, ARRAY_SIZE(serpent_algs));
997 if (err)
998 goto blk_ecb_err;
999 err = crypto_register_alg(&blk_cbc_alg);
1000 if (err)
1001 goto blk_cbc_err;
1002 err = crypto_register_alg(&blk_ctr_alg);
1003 if (err)
1004 goto blk_ctr_err;
1005 err = crypto_register_alg(&ablk_ecb_alg);
1006 if (err)
1007 goto ablk_ecb_err;
1008 err = crypto_register_alg(&ablk_cbc_alg);
1009 if (err)
1010 goto ablk_cbc_err;
1011 err = crypto_register_alg(&ablk_ctr_alg);
1012 if (err)
1013 goto ablk_ctr_err;
1014 err = crypto_register_alg(&blk_lrw_alg);
1015 if (err)
1016 goto blk_lrw_err;
1017 err = crypto_register_alg(&ablk_lrw_alg);
1018 if (err)
1019 goto ablk_lrw_err;
1020 err = crypto_register_alg(&blk_xts_alg);
1021 if (err)
1022 goto blk_xts_err;
1023 err = crypto_register_alg(&ablk_xts_alg);
1024 if (err)
1025 goto ablk_xts_err;
1026 return err;
1027
1028 crypto_unregister_alg(&ablk_xts_alg);
1029ablk_xts_err:
1030 crypto_unregister_alg(&blk_xts_alg);
1031blk_xts_err:
1032 crypto_unregister_alg(&ablk_lrw_alg);
1033ablk_lrw_err:
1034 crypto_unregister_alg(&blk_lrw_alg);
1035blk_lrw_err:
1036 crypto_unregister_alg(&ablk_ctr_alg);
1037ablk_ctr_err:
1038 crypto_unregister_alg(&ablk_cbc_alg);
1039ablk_cbc_err:
1040 crypto_unregister_alg(&ablk_ecb_alg);
1041ablk_ecb_err:
1042 crypto_unregister_alg(&blk_ctr_alg);
1043blk_ctr_err:
1044 crypto_unregister_alg(&blk_cbc_alg);
1045blk_cbc_err:
1046 crypto_unregister_alg(&blk_ecb_alg);
1047blk_ecb_err:
1048 return err;
1049} 932}
1050 933
1051static void __exit serpent_sse2_exit(void) 934static void __exit serpent_sse2_exit(void)
1052{ 935{
1053 crypto_unregister_alg(&ablk_xts_alg); 936 crypto_unregister_algs(serpent_algs, ARRAY_SIZE(serpent_algs));
1054 crypto_unregister_alg(&blk_xts_alg);
1055 crypto_unregister_alg(&ablk_lrw_alg);
1056 crypto_unregister_alg(&blk_lrw_alg);
1057 crypto_unregister_alg(&ablk_ctr_alg);
1058 crypto_unregister_alg(&ablk_cbc_alg);
1059 crypto_unregister_alg(&ablk_ecb_alg);
1060 crypto_unregister_alg(&blk_ctr_alg);
1061 crypto_unregister_alg(&blk_cbc_alg);
1062 crypto_unregister_alg(&blk_ecb_alg);
1063} 937}
1064 938
1065module_init(serpent_sse2_init); 939module_init(serpent_sse2_init);
diff --git a/arch/x86/crypto/twofish_glue.c b/arch/x86/crypto/twofish_glue.c
index dc6b3fb817fc..359ae084275c 100644
--- a/arch/x86/crypto/twofish_glue.c
+++ b/arch/x86/crypto/twofish_glue.c
@@ -68,7 +68,7 @@ static struct crypto_alg alg = {
68 .cra_flags = CRYPTO_ALG_TYPE_CIPHER, 68 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
69 .cra_blocksize = TF_BLOCK_SIZE, 69 .cra_blocksize = TF_BLOCK_SIZE,
70 .cra_ctxsize = sizeof(struct twofish_ctx), 70 .cra_ctxsize = sizeof(struct twofish_ctx),
71 .cra_alignmask = 3, 71 .cra_alignmask = 0,
72 .cra_module = THIS_MODULE, 72 .cra_module = THIS_MODULE,
73 .cra_list = LIST_HEAD_INIT(alg.cra_list), 73 .cra_list = LIST_HEAD_INIT(alg.cra_list),
74 .cra_u = { 74 .cra_u = {
diff --git a/arch/x86/crypto/twofish_glue_3way.c b/arch/x86/crypto/twofish_glue_3way.c
index 7fee8c152f93..408fc0c5814e 100644
--- a/arch/x86/crypto/twofish_glue_3way.c
+++ b/arch/x86/crypto/twofish_glue_3way.c
@@ -25,6 +25,7 @@
25 * 25 *
26 */ 26 */
27 27
28#include <asm/processor.h>
28#include <linux/crypto.h> 29#include <linux/crypto.h>
29#include <linux/init.h> 30#include <linux/init.h>
30#include <linux/module.h> 31#include <linux/module.h>
@@ -122,28 +123,6 @@ static int ecb_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
122 return ecb_crypt(desc, &walk, twofish_dec_blk, twofish_dec_blk_3way); 123 return ecb_crypt(desc, &walk, twofish_dec_blk, twofish_dec_blk_3way);
123} 124}
124 125
125static struct crypto_alg blk_ecb_alg = {
126 .cra_name = "ecb(twofish)",
127 .cra_driver_name = "ecb-twofish-3way",
128 .cra_priority = 300,
129 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
130 .cra_blocksize = TF_BLOCK_SIZE,
131 .cra_ctxsize = sizeof(struct twofish_ctx),
132 .cra_alignmask = 0,
133 .cra_type = &crypto_blkcipher_type,
134 .cra_module = THIS_MODULE,
135 .cra_list = LIST_HEAD_INIT(blk_ecb_alg.cra_list),
136 .cra_u = {
137 .blkcipher = {
138 .min_keysize = TF_MIN_KEY_SIZE,
139 .max_keysize = TF_MAX_KEY_SIZE,
140 .setkey = twofish_setkey,
141 .encrypt = ecb_encrypt,
142 .decrypt = ecb_decrypt,
143 },
144 },
145};
146
147static unsigned int __cbc_encrypt(struct blkcipher_desc *desc, 126static unsigned int __cbc_encrypt(struct blkcipher_desc *desc,
148 struct blkcipher_walk *walk) 127 struct blkcipher_walk *walk)
149{ 128{
@@ -267,29 +246,6 @@ static int cbc_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
267 return err; 246 return err;
268} 247}
269 248
270static struct crypto_alg blk_cbc_alg = {
271 .cra_name = "cbc(twofish)",
272 .cra_driver_name = "cbc-twofish-3way",
273 .cra_priority = 300,
274 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
275 .cra_blocksize = TF_BLOCK_SIZE,
276 .cra_ctxsize = sizeof(struct twofish_ctx),
277 .cra_alignmask = 0,
278 .cra_type = &crypto_blkcipher_type,
279 .cra_module = THIS_MODULE,
280 .cra_list = LIST_HEAD_INIT(blk_cbc_alg.cra_list),
281 .cra_u = {
282 .blkcipher = {
283 .min_keysize = TF_MIN_KEY_SIZE,
284 .max_keysize = TF_MAX_KEY_SIZE,
285 .ivsize = TF_BLOCK_SIZE,
286 .setkey = twofish_setkey,
287 .encrypt = cbc_encrypt,
288 .decrypt = cbc_decrypt,
289 },
290 },
291};
292
293static inline void u128_to_be128(be128 *dst, const u128 *src) 249static inline void u128_to_be128(be128 *dst, const u128 *src)
294{ 250{
295 dst->a = cpu_to_be64(src->a); 251 dst->a = cpu_to_be64(src->a);
@@ -411,29 +367,6 @@ static int ctr_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
411 return err; 367 return err;
412} 368}
413 369
414static struct crypto_alg blk_ctr_alg = {
415 .cra_name = "ctr(twofish)",
416 .cra_driver_name = "ctr-twofish-3way",
417 .cra_priority = 300,
418 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
419 .cra_blocksize = 1,
420 .cra_ctxsize = sizeof(struct twofish_ctx),
421 .cra_alignmask = 0,
422 .cra_type = &crypto_blkcipher_type,
423 .cra_module = THIS_MODULE,
424 .cra_list = LIST_HEAD_INIT(blk_ctr_alg.cra_list),
425 .cra_u = {
426 .blkcipher = {
427 .min_keysize = TF_MIN_KEY_SIZE,
428 .max_keysize = TF_MAX_KEY_SIZE,
429 .ivsize = TF_BLOCK_SIZE,
430 .setkey = twofish_setkey,
431 .encrypt = ctr_crypt,
432 .decrypt = ctr_crypt,
433 },
434 },
435};
436
437static void encrypt_callback(void *priv, u8 *srcdst, unsigned int nbytes) 370static void encrypt_callback(void *priv, u8 *srcdst, unsigned int nbytes)
438{ 371{
439 const unsigned int bsize = TF_BLOCK_SIZE; 372 const unsigned int bsize = TF_BLOCK_SIZE;
@@ -524,30 +457,6 @@ static void lrw_exit_tfm(struct crypto_tfm *tfm)
524 lrw_free_table(&ctx->lrw_table); 457 lrw_free_table(&ctx->lrw_table);
525} 458}
526 459
527static struct crypto_alg blk_lrw_alg = {
528 .cra_name = "lrw(twofish)",
529 .cra_driver_name = "lrw-twofish-3way",
530 .cra_priority = 300,
531 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
532 .cra_blocksize = TF_BLOCK_SIZE,
533 .cra_ctxsize = sizeof(struct twofish_lrw_ctx),
534 .cra_alignmask = 0,
535 .cra_type = &crypto_blkcipher_type,
536 .cra_module = THIS_MODULE,
537 .cra_list = LIST_HEAD_INIT(blk_lrw_alg.cra_list),
538 .cra_exit = lrw_exit_tfm,
539 .cra_u = {
540 .blkcipher = {
541 .min_keysize = TF_MIN_KEY_SIZE + TF_BLOCK_SIZE,
542 .max_keysize = TF_MAX_KEY_SIZE + TF_BLOCK_SIZE,
543 .ivsize = TF_BLOCK_SIZE,
544 .setkey = lrw_twofish_setkey,
545 .encrypt = lrw_encrypt,
546 .decrypt = lrw_decrypt,
547 },
548 },
549};
550
551struct twofish_xts_ctx { 460struct twofish_xts_ctx {
552 struct twofish_ctx tweak_ctx; 461 struct twofish_ctx tweak_ctx;
553 struct twofish_ctx crypt_ctx; 462 struct twofish_ctx crypt_ctx;
@@ -614,7 +523,91 @@ static int xts_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
614 return xts_crypt(desc, dst, src, nbytes, &req); 523 return xts_crypt(desc, dst, src, nbytes, &req);
615} 524}
616 525
617static struct crypto_alg blk_xts_alg = { 526static struct crypto_alg tf_algs[5] = { {
527 .cra_name = "ecb(twofish)",
528 .cra_driver_name = "ecb-twofish-3way",
529 .cra_priority = 300,
530 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
531 .cra_blocksize = TF_BLOCK_SIZE,
532 .cra_ctxsize = sizeof(struct twofish_ctx),
533 .cra_alignmask = 0,
534 .cra_type = &crypto_blkcipher_type,
535 .cra_module = THIS_MODULE,
536 .cra_list = LIST_HEAD_INIT(tf_algs[0].cra_list),
537 .cra_u = {
538 .blkcipher = {
539 .min_keysize = TF_MIN_KEY_SIZE,
540 .max_keysize = TF_MAX_KEY_SIZE,
541 .setkey = twofish_setkey,
542 .encrypt = ecb_encrypt,
543 .decrypt = ecb_decrypt,
544 },
545 },
546}, {
547 .cra_name = "cbc(twofish)",
548 .cra_driver_name = "cbc-twofish-3way",
549 .cra_priority = 300,
550 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
551 .cra_blocksize = TF_BLOCK_SIZE,
552 .cra_ctxsize = sizeof(struct twofish_ctx),
553 .cra_alignmask = 0,
554 .cra_type = &crypto_blkcipher_type,
555 .cra_module = THIS_MODULE,
556 .cra_list = LIST_HEAD_INIT(tf_algs[1].cra_list),
557 .cra_u = {
558 .blkcipher = {
559 .min_keysize = TF_MIN_KEY_SIZE,
560 .max_keysize = TF_MAX_KEY_SIZE,
561 .ivsize = TF_BLOCK_SIZE,
562 .setkey = twofish_setkey,
563 .encrypt = cbc_encrypt,
564 .decrypt = cbc_decrypt,
565 },
566 },
567}, {
568 .cra_name = "ctr(twofish)",
569 .cra_driver_name = "ctr-twofish-3way",
570 .cra_priority = 300,
571 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
572 .cra_blocksize = 1,
573 .cra_ctxsize = sizeof(struct twofish_ctx),
574 .cra_alignmask = 0,
575 .cra_type = &crypto_blkcipher_type,
576 .cra_module = THIS_MODULE,
577 .cra_list = LIST_HEAD_INIT(tf_algs[2].cra_list),
578 .cra_u = {
579 .blkcipher = {
580 .min_keysize = TF_MIN_KEY_SIZE,
581 .max_keysize = TF_MAX_KEY_SIZE,
582 .ivsize = TF_BLOCK_SIZE,
583 .setkey = twofish_setkey,
584 .encrypt = ctr_crypt,
585 .decrypt = ctr_crypt,
586 },
587 },
588}, {
589 .cra_name = "lrw(twofish)",
590 .cra_driver_name = "lrw-twofish-3way",
591 .cra_priority = 300,
592 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
593 .cra_blocksize = TF_BLOCK_SIZE,
594 .cra_ctxsize = sizeof(struct twofish_lrw_ctx),
595 .cra_alignmask = 0,
596 .cra_type = &crypto_blkcipher_type,
597 .cra_module = THIS_MODULE,
598 .cra_list = LIST_HEAD_INIT(tf_algs[3].cra_list),
599 .cra_exit = lrw_exit_tfm,
600 .cra_u = {
601 .blkcipher = {
602 .min_keysize = TF_MIN_KEY_SIZE + TF_BLOCK_SIZE,
603 .max_keysize = TF_MAX_KEY_SIZE + TF_BLOCK_SIZE,
604 .ivsize = TF_BLOCK_SIZE,
605 .setkey = lrw_twofish_setkey,
606 .encrypt = lrw_encrypt,
607 .decrypt = lrw_decrypt,
608 },
609 },
610}, {
618 .cra_name = "xts(twofish)", 611 .cra_name = "xts(twofish)",
619 .cra_driver_name = "xts-twofish-3way", 612 .cra_driver_name = "xts-twofish-3way",
620 .cra_priority = 300, 613 .cra_priority = 300,
@@ -624,7 +617,7 @@ static struct crypto_alg blk_xts_alg = {
624 .cra_alignmask = 0, 617 .cra_alignmask = 0,
625 .cra_type = &crypto_blkcipher_type, 618 .cra_type = &crypto_blkcipher_type,
626 .cra_module = THIS_MODULE, 619 .cra_module = THIS_MODULE,
627 .cra_list = LIST_HEAD_INIT(blk_xts_alg.cra_list), 620 .cra_list = LIST_HEAD_INIT(tf_algs[4].cra_list),
628 .cra_u = { 621 .cra_u = {
629 .blkcipher = { 622 .blkcipher = {
630 .min_keysize = TF_MIN_KEY_SIZE * 2, 623 .min_keysize = TF_MIN_KEY_SIZE * 2,
@@ -635,50 +628,62 @@ static struct crypto_alg blk_xts_alg = {
635 .decrypt = xts_decrypt, 628 .decrypt = xts_decrypt,
636 }, 629 },
637 }, 630 },
638}; 631} };
632
633static bool is_blacklisted_cpu(void)
634{
635 if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
636 return false;
637
638 if (boot_cpu_data.x86 == 0x06 &&
639 (boot_cpu_data.x86_model == 0x1c ||
640 boot_cpu_data.x86_model == 0x26 ||
641 boot_cpu_data.x86_model == 0x36)) {
642 /*
643 * On Atom, twofish-3way is slower than original assembler
644 * implementation. Twofish-3way trades off some performance in
645 * storing blocks in 64bit registers to allow three blocks to
646 * be processed parallel. Parallel operation then allows gaining
647 * more performance than was trade off, on out-of-order CPUs.
648 * However Atom does not benefit from this parallellism and
649 * should be blacklisted.
650 */
651 return true;
652 }
653
654 if (boot_cpu_data.x86 == 0x0f) {
655 /*
656 * On Pentium 4, twofish-3way is slower than original assembler
657 * implementation because excessive uses of 64bit rotate and
658 * left-shifts (which are really slow on P4) needed to store and
659 * handle 128bit block in two 64bit registers.
660 */
661 return true;
662 }
663
664 return false;
665}
666
667static int force;
668module_param(force, int, 0);
669MODULE_PARM_DESC(force, "Force module load, ignore CPU blacklist");
639 670
640int __init init(void) 671int __init init(void)
641{ 672{
642 int err; 673 if (!force && is_blacklisted_cpu()) {
674 printk(KERN_INFO
675 "twofish-x86_64-3way: performance on this CPU "
676 "would be suboptimal: disabling "
677 "twofish-x86_64-3way.\n");
678 return -ENODEV;
679 }
643 680
644 err = crypto_register_alg(&blk_ecb_alg); 681 return crypto_register_algs(tf_algs, ARRAY_SIZE(tf_algs));
645 if (err)
646 goto ecb_err;
647 err = crypto_register_alg(&blk_cbc_alg);
648 if (err)
649 goto cbc_err;
650 err = crypto_register_alg(&blk_ctr_alg);
651 if (err)
652 goto ctr_err;
653 err = crypto_register_alg(&blk_lrw_alg);
654 if (err)
655 goto blk_lrw_err;
656 err = crypto_register_alg(&blk_xts_alg);
657 if (err)
658 goto blk_xts_err;
659
660 return 0;
661
662 crypto_unregister_alg(&blk_xts_alg);
663blk_xts_err:
664 crypto_unregister_alg(&blk_lrw_alg);
665blk_lrw_err:
666 crypto_unregister_alg(&blk_ctr_alg);
667ctr_err:
668 crypto_unregister_alg(&blk_cbc_alg);
669cbc_err:
670 crypto_unregister_alg(&blk_ecb_alg);
671ecb_err:
672 return err;
673} 682}
674 683
675void __exit fini(void) 684void __exit fini(void)
676{ 685{
677 crypto_unregister_alg(&blk_xts_alg); 686 crypto_unregister_algs(tf_algs, ARRAY_SIZE(tf_algs));
678 crypto_unregister_alg(&blk_lrw_alg);
679 crypto_unregister_alg(&blk_ctr_alg);
680 crypto_unregister_alg(&blk_cbc_alg);
681 crypto_unregister_alg(&blk_ecb_alg);
682} 687}
683 688
684module_init(init); 689module_init(init);
diff --git a/crypto/Kconfig b/crypto/Kconfig
index e6cfe1a25137..6318edd6a457 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -654,6 +654,24 @@ config CRYPTO_CAMELLIA
654 See also: 654 See also:
655 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 655 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
656 656
657config CRYPTO_CAMELLIA_X86_64
658 tristate "Camellia cipher algorithm (x86_64)"
659 depends on (X86 || UML_X86) && 64BIT
660 depends on CRYPTO
661 select CRYPTO_ALGAPI
662 select CRYPTO_LRW
663 select CRYPTO_XTS
664 help
665 Camellia cipher algorithm module (x86_64).
666
667 Camellia is a symmetric key block cipher developed jointly
668 at NTT and Mitsubishi Electric Corporation.
669
670 The Camellia specifies three key sizes: 128, 192 and 256 bits.
671
672 See also:
673 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
674
657config CRYPTO_CAST5 675config CRYPTO_CAST5
658 tristate "CAST5 (CAST-128) cipher algorithm" 676 tristate "CAST5 (CAST-128) cipher algorithm"
659 select CRYPTO_ALGAPI 677 select CRYPTO_ALGAPI
diff --git a/crypto/Makefile b/crypto/Makefile
index f638063f4ea9..30f33d675330 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -67,7 +67,7 @@ obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o
67obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o 67obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
68obj-$(CONFIG_CRYPTO_SERPENT) += serpent_generic.o 68obj-$(CONFIG_CRYPTO_SERPENT) += serpent_generic.o
69obj-$(CONFIG_CRYPTO_AES) += aes_generic.o 69obj-$(CONFIG_CRYPTO_AES) += aes_generic.o
70obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o 70obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia_generic.o
71obj-$(CONFIG_CRYPTO_CAST5) += cast5.o 71obj-$(CONFIG_CRYPTO_CAST5) += cast5.o
72obj-$(CONFIG_CRYPTO_CAST6) += cast6.o 72obj-$(CONFIG_CRYPTO_CAST6) += cast6.o
73obj-$(CONFIG_CRYPTO_ARC4) += arc4.o 73obj-$(CONFIG_CRYPTO_ARC4) += arc4.o
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 9d4a9fe913f8..056571b85445 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -405,6 +405,41 @@ int crypto_unregister_alg(struct crypto_alg *alg)
405} 405}
406EXPORT_SYMBOL_GPL(crypto_unregister_alg); 406EXPORT_SYMBOL_GPL(crypto_unregister_alg);
407 407
408int crypto_register_algs(struct crypto_alg *algs, int count)
409{
410 int i, ret;
411
412 for (i = 0; i < count; i++) {
413 ret = crypto_register_alg(&algs[i]);
414 if (ret)
415 goto err;
416 }
417
418 return 0;
419
420err:
421 for (--i; i >= 0; --i)
422 crypto_unregister_alg(&algs[i]);
423
424 return ret;
425}
426EXPORT_SYMBOL_GPL(crypto_register_algs);
427
428int crypto_unregister_algs(struct crypto_alg *algs, int count)
429{
430 int i, ret;
431
432 for (i = 0; i < count; i++) {
433 ret = crypto_unregister_alg(&algs[i]);
434 if (ret)
435 pr_err("Failed to unregister %s %s: %d\n",
436 algs[i].cra_driver_name, algs[i].cra_name, ret);
437 }
438
439 return 0;
440}
441EXPORT_SYMBOL_GPL(crypto_unregister_algs);
442
408int crypto_register_template(struct crypto_template *tmpl) 443int crypto_register_template(struct crypto_template *tmpl)
409{ 444{
410 struct crypto_template *q; 445 struct crypto_template *q;
diff --git a/crypto/camellia.c b/crypto/camellia_generic.c
index 64cff46ea5e4..f7aaaaf86982 100644
--- a/crypto/camellia.c
+++ b/crypto/camellia_generic.c
@@ -337,43 +337,40 @@ static const u32 camellia_sp4404[256] = {
337/* 337/*
338 * macros 338 * macros
339 */ 339 */
340#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 340#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({ \
341 do { \
342 w0 = ll; \ 341 w0 = ll; \
343 ll = (ll << bits) + (lr >> (32 - bits)); \ 342 ll = (ll << bits) + (lr >> (32 - bits)); \
344 lr = (lr << bits) + (rl >> (32 - bits)); \ 343 lr = (lr << bits) + (rl >> (32 - bits)); \
345 rl = (rl << bits) + (rr >> (32 - bits)); \ 344 rl = (rl << bits) + (rr >> (32 - bits)); \
346 rr = (rr << bits) + (w0 >> (32 - bits)); \ 345 rr = (rr << bits) + (w0 >> (32 - bits)); \
347 } while (0) 346})
348 347
349#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 348#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({ \
350 do { \
351 w0 = ll; \ 349 w0 = ll; \
352 w1 = lr; \ 350 w1 = lr; \
353 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ 351 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
354 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ 352 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
355 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ 353 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
356 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 354 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
357 } while (0) 355})
358 356
359#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 357#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({ \
360 do { \
361 il = xl ^ kl; \ 358 il = xl ^ kl; \
362 ir = xr ^ kr; \ 359 ir = xr ^ kr; \
363 t0 = il >> 16; \ 360 t0 = il >> 16; \
364 t1 = ir >> 16; \ 361 t1 = ir >> 16; \
365 yl = camellia_sp1110[(u8)(ir )] \ 362 yl = camellia_sp1110[(u8)(ir)] \
366 ^ camellia_sp0222[ (t1 >> 8)] \ 363 ^ camellia_sp0222[(u8)(t1 >> 8)] \
367 ^ camellia_sp3033[(u8)(t1 )] \ 364 ^ camellia_sp3033[(u8)(t1)] \
368 ^ camellia_sp4404[(u8)(ir >> 8)]; \ 365 ^ camellia_sp4404[(u8)(ir >> 8)]; \
369 yr = camellia_sp1110[ (t0 >> 8)] \ 366 yr = camellia_sp1110[(u8)(t0 >> 8)] \
370 ^ camellia_sp0222[(u8)(t0 )] \ 367 ^ camellia_sp0222[(u8)(t0)] \
371 ^ camellia_sp3033[(u8)(il >> 8)] \ 368 ^ camellia_sp3033[(u8)(il >> 8)] \
372 ^ camellia_sp4404[(u8)(il )]; \ 369 ^ camellia_sp4404[(u8)(il)]; \
373 yl ^= yr; \ 370 yl ^= yr; \
374 yr = ror32(yr, 8); \ 371 yr = ror32(yr, 8); \
375 yr ^= yl; \ 372 yr ^= yl; \
376 } while (0) 373})
377 374
378#define SUBKEY_L(INDEX) (subkey[(INDEX)*2]) 375#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
379#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1]) 376#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
@@ -382,7 +379,6 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
382{ 379{
383 u32 dw, tl, tr; 380 u32 dw, tl, tr;
384 u32 kw4l, kw4r; 381 u32 kw4l, kw4r;
385 int i;
386 382
387 /* absorb kw2 to other subkeys */ 383 /* absorb kw2 to other subkeys */
388 /* round 2 */ 384 /* round 2 */
@@ -557,24 +553,6 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
557 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */ 553 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
558 SUBKEY_R(32) = subR[32] ^ subR[31]; 554 SUBKEY_R(32) = subR[32] ^ subR[31];
559 } 555 }
560
561 /* apply the inverse of the last half of P-function */
562 i = 2;
563 do {
564 dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = rol32(dw, 8);/* round 1 */
565 SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw;
566 dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = rol32(dw, 8);/* round 2 */
567 SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw;
568 dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = rol32(dw, 8);/* round 3 */
569 SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw;
570 dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = rol32(dw, 8);/* round 4 */
571 SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw;
572 dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = rol32(dw, 8);/* round 5 */
573 SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw;
574 dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = rol32(dw, 8);/* round 6 */
575 SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw;
576 i += 8;
577 } while (i < max);
578} 556}
579 557
580static void camellia_setup128(const unsigned char *key, u32 *subkey) 558static void camellia_setup128(const unsigned char *key, u32 *subkey)
@@ -851,8 +829,7 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
851/* 829/*
852 * Encrypt/decrypt 830 * Encrypt/decrypt
853 */ 831 */
854#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ 832#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \
855 do { \
856 t0 = kll; \ 833 t0 = kll; \
857 t2 = krr; \ 834 t2 = krr; \
858 t0 &= ll; \ 835 t0 &= ll; \
@@ -865,23 +842,23 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
865 t1 |= lr; \ 842 t1 |= lr; \
866 ll ^= t1; \ 843 ll ^= t1; \
867 rr ^= rol32(t3, 1); \ 844 rr ^= rol32(t3, 1); \
868 } while (0) 845})
869 846
870#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \ 847#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({ \
871 do { \ 848 yl ^= kl; \
849 yr ^= kr; \
872 ir = camellia_sp1110[(u8)xr]; \ 850 ir = camellia_sp1110[(u8)xr]; \
873 il = camellia_sp1110[ (xl >> 24)]; \ 851 il = camellia_sp1110[(u8)(xl >> 24)]; \
874 ir ^= camellia_sp0222[ (xr >> 24)]; \ 852 ir ^= camellia_sp0222[(u8)(xr >> 24)]; \
875 il ^= camellia_sp0222[(u8)(xl >> 16)]; \ 853 il ^= camellia_sp0222[(u8)(xl >> 16)]; \
876 ir ^= camellia_sp3033[(u8)(xr >> 16)]; \ 854 ir ^= camellia_sp3033[(u8)(xr >> 16)]; \
877 il ^= camellia_sp3033[(u8)(xl >> 8)]; \ 855 il ^= camellia_sp3033[(u8)(xl >> 8)]; \
878 ir ^= camellia_sp4404[(u8)(xr >> 8)]; \ 856 ir ^= camellia_sp4404[(u8)(xr >> 8)]; \
879 il ^= camellia_sp4404[(u8)xl]; \ 857 il ^= camellia_sp4404[(u8)xl]; \
880 il ^= kl; \ 858 ir ^= il; \
881 ir ^= il ^ kr; \
882 yl ^= ir; \ 859 yl ^= ir; \
883 yr ^= ror32(il, 8) ^ ir; \ 860 yr ^= ror32(il, 8) ^ ir; \
884 } while (0) 861})
885 862
886/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */ 863/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
887static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max) 864static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
@@ -893,7 +870,7 @@ static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
893 io[1] ^= SUBKEY_R(0); 870 io[1] ^= SUBKEY_R(0);
894 871
895 /* main iteration */ 872 /* main iteration */
896#define ROUNDS(i) do { \ 873#define ROUNDS(i) ({ \
897 CAMELLIA_ROUNDSM(io[0], io[1], \ 874 CAMELLIA_ROUNDSM(io[0], io[1], \
898 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \ 875 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
899 io[2], io[3], il, ir); \ 876 io[2], io[3], il, ir); \
@@ -912,13 +889,13 @@ static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
912 CAMELLIA_ROUNDSM(io[2], io[3], \ 889 CAMELLIA_ROUNDSM(io[2], io[3], \
913 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \ 890 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
914 io[0], io[1], il, ir); \ 891 io[0], io[1], il, ir); \
915} while (0) 892})
916#define FLS(i) do { \ 893#define FLS(i) ({ \
917 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \ 894 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
918 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \ 895 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
919 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \ 896 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
920 t0, t1, il, ir); \ 897 t0, t1, il, ir); \
921} while (0) 898})
922 899
923 ROUNDS(0); 900 ROUNDS(0);
924 FLS(8); 901 FLS(8);
@@ -948,7 +925,7 @@ static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
948 io[1] ^= SUBKEY_R(i); 925 io[1] ^= SUBKEY_R(i);
949 926
950 /* main iteration */ 927 /* main iteration */
951#define ROUNDS(i) do { \ 928#define ROUNDS(i) ({ \
952 CAMELLIA_ROUNDSM(io[0], io[1], \ 929 CAMELLIA_ROUNDSM(io[0], io[1], \
953 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \ 930 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
954 io[2], io[3], il, ir); \ 931 io[2], io[3], il, ir); \
@@ -967,13 +944,13 @@ static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
967 CAMELLIA_ROUNDSM(io[2], io[3], \ 944 CAMELLIA_ROUNDSM(io[2], io[3], \
968 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \ 945 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
969 io[0], io[1], il, ir); \ 946 io[0], io[1], il, ir); \
970} while (0) 947})
971#define FLS(i) do { \ 948#define FLS(i) ({ \
972 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \ 949 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
973 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \ 950 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
974 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \ 951 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
975 t0, t1, il, ir); \ 952 t0, t1, il, ir); \
976} while (0) 953})
977 954
978 if (i == 32) { 955 if (i == 32) {
979 ROUNDS(24); 956 ROUNDS(24);
@@ -1035,6 +1012,7 @@ static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1035 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); 1012 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1036 const __be32 *src = (const __be32 *)in; 1013 const __be32 *src = (const __be32 *)in;
1037 __be32 *dst = (__be32 *)out; 1014 __be32 *dst = (__be32 *)out;
1015 unsigned int max;
1038 1016
1039 u32 tmp[4]; 1017 u32 tmp[4];
1040 1018
@@ -1043,9 +1021,12 @@ static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1043 tmp[2] = be32_to_cpu(src[2]); 1021 tmp[2] = be32_to_cpu(src[2]);
1044 tmp[3] = be32_to_cpu(src[3]); 1022 tmp[3] = be32_to_cpu(src[3]);
1045 1023
1046 camellia_do_encrypt(cctx->key_table, tmp, 1024 if (cctx->key_length == 16)
1047 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */ 1025 max = 24;
1048 ); 1026 else
1027 max = 32; /* for key lengths of 24 and 32 */
1028
1029 camellia_do_encrypt(cctx->key_table, tmp, max);
1049 1030
1050 /* do_encrypt returns 0,1 swapped with 2,3 */ 1031 /* do_encrypt returns 0,1 swapped with 2,3 */
1051 dst[0] = cpu_to_be32(tmp[2]); 1032 dst[0] = cpu_to_be32(tmp[2]);
@@ -1059,6 +1040,7 @@ static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1059 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); 1040 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1060 const __be32 *src = (const __be32 *)in; 1041 const __be32 *src = (const __be32 *)in;
1061 __be32 *dst = (__be32 *)out; 1042 __be32 *dst = (__be32 *)out;
1043 unsigned int max;
1062 1044
1063 u32 tmp[4]; 1045 u32 tmp[4];
1064 1046
@@ -1067,9 +1049,12 @@ static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1067 tmp[2] = be32_to_cpu(src[2]); 1049 tmp[2] = be32_to_cpu(src[2]);
1068 tmp[3] = be32_to_cpu(src[3]); 1050 tmp[3] = be32_to_cpu(src[3]);
1069 1051
1070 camellia_do_decrypt(cctx->key_table, tmp, 1052 if (cctx->key_length == 16)
1071 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */ 1053 max = 24;
1072 ); 1054 else
1055 max = 32; /* for key lengths of 24 and 32 */
1056
1057 camellia_do_decrypt(cctx->key_table, tmp, max);
1073 1058
1074 /* do_decrypt returns 0,1 swapped with 2,3 */ 1059 /* do_decrypt returns 0,1 swapped with 2,3 */
1075 dst[0] = cpu_to_be32(tmp[2]); 1060 dst[0] = cpu_to_be32(tmp[2]);
@@ -1114,3 +1099,4 @@ module_exit(camellia_fini);
1114 1099
1115MODULE_DESCRIPTION("Camellia Cipher Algorithm"); 1100MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1116MODULE_LICENSE("GPL"); 1101MODULE_LICENSE("GPL");
1102MODULE_ALIAS("camellia");
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index b6ac1387770c..f76e42bcc6e7 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -304,7 +304,7 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
304static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh, 304static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
305 struct nlattr **attrs) 305 struct nlattr **attrs)
306{ 306{
307 int exact; 307 int exact = 0;
308 const char *name; 308 const char *name;
309 struct crypto_alg *alg; 309 struct crypto_alg *alg;
310 struct crypto_user_alg *p = nlmsg_data(nlh); 310 struct crypto_user_alg *p = nlmsg_data(nlh);
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 7736a9f05aba..8f147bff0980 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1297,6 +1297,18 @@ static int do_test(int m)
1297 speed_template_16_24_32); 1297 speed_template_16_24_32);
1298 test_cipher_speed("cbc(camellia)", DECRYPT, sec, NULL, 0, 1298 test_cipher_speed("cbc(camellia)", DECRYPT, sec, NULL, 0,
1299 speed_template_16_24_32); 1299 speed_template_16_24_32);
1300 test_cipher_speed("ctr(camellia)", ENCRYPT, sec, NULL, 0,
1301 speed_template_16_24_32);
1302 test_cipher_speed("ctr(camellia)", DECRYPT, sec, NULL, 0,
1303 speed_template_16_24_32);
1304 test_cipher_speed("lrw(camellia)", ENCRYPT, sec, NULL, 0,
1305 speed_template_32_40_48);
1306 test_cipher_speed("lrw(camellia)", DECRYPT, sec, NULL, 0,
1307 speed_template_32_40_48);
1308 test_cipher_speed("xts(camellia)", ENCRYPT, sec, NULL, 0,
1309 speed_template_32_48_64);
1310 test_cipher_speed("xts(camellia)", DECRYPT, sec, NULL, 0,
1311 speed_template_32_48_64);
1300 break; 1312 break;
1301 1313
1302 case 206: 1314 case 206:
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index bb54b882d738..5674878ff6c1 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1846,6 +1846,21 @@ static const struct alg_test_desc alg_test_descs[] = {
1846 } 1846 }
1847 } 1847 }
1848 }, { 1848 }, {
1849 .alg = "ctr(camellia)",
1850 .test = alg_test_skcipher,
1851 .suite = {
1852 .cipher = {
1853 .enc = {
1854 .vecs = camellia_ctr_enc_tv_template,
1855 .count = CAMELLIA_CTR_ENC_TEST_VECTORS
1856 },
1857 .dec = {
1858 .vecs = camellia_ctr_dec_tv_template,
1859 .count = CAMELLIA_CTR_DEC_TEST_VECTORS
1860 }
1861 }
1862 }
1863 }, {
1849 .alg = "ctr(serpent)", 1864 .alg = "ctr(serpent)",
1850 .test = alg_test_skcipher, 1865 .test = alg_test_skcipher,
1851 .suite = { 1866 .suite = {
@@ -2297,6 +2312,21 @@ static const struct alg_test_desc alg_test_descs[] = {
2297 } 2312 }
2298 } 2313 }
2299 }, { 2314 }, {
2315 .alg = "lrw(camellia)",
2316 .test = alg_test_skcipher,
2317 .suite = {
2318 .cipher = {
2319 .enc = {
2320 .vecs = camellia_lrw_enc_tv_template,
2321 .count = CAMELLIA_LRW_ENC_TEST_VECTORS
2322 },
2323 .dec = {
2324 .vecs = camellia_lrw_dec_tv_template,
2325 .count = CAMELLIA_LRW_DEC_TEST_VECTORS
2326 }
2327 }
2328 }
2329 }, {
2300 .alg = "lrw(serpent)", 2330 .alg = "lrw(serpent)",
2301 .test = alg_test_skcipher, 2331 .test = alg_test_skcipher,
2302 .suite = { 2332 .suite = {
@@ -2634,6 +2664,21 @@ static const struct alg_test_desc alg_test_descs[] = {
2634 } 2664 }
2635 } 2665 }
2636 }, { 2666 }, {
2667 .alg = "xts(camellia)",
2668 .test = alg_test_skcipher,
2669 .suite = {
2670 .cipher = {
2671 .enc = {
2672 .vecs = camellia_xts_enc_tv_template,
2673 .count = CAMELLIA_XTS_ENC_TEST_VECTORS
2674 },
2675 .dec = {
2676 .vecs = camellia_xts_dec_tv_template,
2677 .count = CAMELLIA_XTS_DEC_TEST_VECTORS
2678 }
2679 }
2680 }
2681 }, {
2637 .alg = "xts(serpent)", 2682 .alg = "xts(serpent)",
2638 .test = alg_test_skcipher, 2683 .test = alg_test_skcipher,
2639 .suite = { 2684 .suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 43e84d32b341..36e5a8ee0e1e 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -11332,10 +11332,16 @@ static struct cipher_testvec fcrypt_pcbc_dec_tv_template[] = {
11332/* 11332/*
11333 * CAMELLIA test vectors. 11333 * CAMELLIA test vectors.
11334 */ 11334 */
11335#define CAMELLIA_ENC_TEST_VECTORS 3 11335#define CAMELLIA_ENC_TEST_VECTORS 4
11336#define CAMELLIA_DEC_TEST_VECTORS 3 11336#define CAMELLIA_DEC_TEST_VECTORS 4
11337#define CAMELLIA_CBC_ENC_TEST_VECTORS 2 11337#define CAMELLIA_CBC_ENC_TEST_VECTORS 3
11338#define CAMELLIA_CBC_DEC_TEST_VECTORS 2 11338#define CAMELLIA_CBC_DEC_TEST_VECTORS 3
11339#define CAMELLIA_CTR_ENC_TEST_VECTORS 2
11340#define CAMELLIA_CTR_DEC_TEST_VECTORS 2
11341#define CAMELLIA_LRW_ENC_TEST_VECTORS 8
11342#define CAMELLIA_LRW_DEC_TEST_VECTORS 8
11343#define CAMELLIA_XTS_ENC_TEST_VECTORS 5
11344#define CAMELLIA_XTS_DEC_TEST_VECTORS 5
11339 11345
11340static struct cipher_testvec camellia_enc_tv_template[] = { 11346static struct cipher_testvec camellia_enc_tv_template[] = {
11341 { 11347 {
@@ -11372,6 +11378,27 @@ static struct cipher_testvec camellia_enc_tv_template[] = {
11372 "\x20\xef\x7c\x91\x9e\x3a\x75\x09", 11378 "\x20\xef\x7c\x91\x9e\x3a\x75\x09",
11373 .rlen = 16, 11379 .rlen = 16,
11374 }, 11380 },
11381 { /* Generated with Crypto++ */
11382 .key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C"
11383 "\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D"
11384 "\x4A\x27\x04\xE1\x27\x04\xE1\xBE"
11385 "\x9B\x78\xBE\x9B\x78\x55\x32\x0F",
11386 .klen = 32,
11387 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
11388 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
11389 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
11390 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
11391 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
11392 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48",
11393 .ilen = 48,
11394 .result = "\xED\xCD\xDB\xB8\x68\xCE\xBD\xEA"
11395 "\x9D\x9D\xCD\x9F\x4F\xFC\x4D\xB7"
11396 "\xA5\xFF\x6F\x43\x0F\xBA\x32\x04"
11397 "\xB3\xC2\xB9\x03\xAA\x91\x56\x29"
11398 "\x0D\xD0\xFD\xC4\x65\xA5\x69\xB9"
11399 "\xF1\xF6\xB1\xA5\xB2\x75\x4F\x8A",
11400 .rlen = 48,
11401 },
11375}; 11402};
11376 11403
11377static struct cipher_testvec camellia_dec_tv_template[] = { 11404static struct cipher_testvec camellia_dec_tv_template[] = {
@@ -11409,6 +11436,27 @@ static struct cipher_testvec camellia_dec_tv_template[] = {
11409 "\xfe\xdc\xba\x98\x76\x54\x32\x10", 11436 "\xfe\xdc\xba\x98\x76\x54\x32\x10",
11410 .rlen = 16, 11437 .rlen = 16,
11411 }, 11438 },
11439 { /* Generated with Crypto++ */
11440 .key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C"
11441 "\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D"
11442 "\x4A\x27\x04\xE1\x27\x04\xE1\xBE"
11443 "\x9B\x78\xBE\x9B\x78\x55\x32\x0F",
11444 .klen = 32,
11445 .input = "\xED\xCD\xDB\xB8\x68\xCE\xBD\xEA"
11446 "\x9D\x9D\xCD\x9F\x4F\xFC\x4D\xB7"
11447 "\xA5\xFF\x6F\x43\x0F\xBA\x32\x04"
11448 "\xB3\xC2\xB9\x03\xAA\x91\x56\x29"
11449 "\x0D\xD0\xFD\xC4\x65\xA5\x69\xB9"
11450 "\xF1\xF6\xB1\xA5\xB2\x75\x4F\x8A",
11451 .ilen = 48,
11452 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
11453 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
11454 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
11455 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
11456 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
11457 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48",
11458 .rlen = 48,
11459 },
11412}; 11460};
11413 11461
11414static struct cipher_testvec camellia_cbc_enc_tv_template[] = { 11462static struct cipher_testvec camellia_cbc_enc_tv_template[] = {
@@ -11440,6 +11488,29 @@ static struct cipher_testvec camellia_cbc_enc_tv_template[] = {
11440 "\x15\x78\xe0\x5e\xf2\xcb\x87\x16", 11488 "\x15\x78\xe0\x5e\xf2\xcb\x87\x16",
11441 .rlen = 32, 11489 .rlen = 32,
11442 }, 11490 },
11491 { /* Generated with Crypto++ */
11492 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
11493 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
11494 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
11495 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
11496 .klen = 32,
11497 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
11498 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
11499 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
11500 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
11501 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
11502 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
11503 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
11504 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48",
11505 .ilen = 48,
11506 .result = "\xCD\x3E\x2A\x3B\x3E\x94\xC5\x77"
11507 "\xBA\xBB\x5B\xB1\xDE\x7B\xA4\x40"
11508 "\x88\x39\xE3\xFD\x94\x4B\x25\x58"
11509 "\xE1\x4B\xC4\x18\x7A\xFD\x17\x2B"
11510 "\xB9\xF9\xC2\x27\x6A\xB6\x31\x27"
11511 "\xA6\xAD\xEF\xE5\x5D\xE4\x02\x01",
11512 .rlen = 48,
11513 },
11443}; 11514};
11444 11515
11445static struct cipher_testvec camellia_cbc_dec_tv_template[] = { 11516static struct cipher_testvec camellia_cbc_dec_tv_template[] = {
@@ -11471,6 +11542,1310 @@ static struct cipher_testvec camellia_cbc_dec_tv_template[] = {
11471 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 11542 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
11472 .rlen = 32, 11543 .rlen = 32,
11473 }, 11544 },
11545 { /* Generated with Crypto++ */
11546 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
11547 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
11548 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
11549 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
11550 .klen = 32,
11551 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
11552 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
11553 .input = "\xCD\x3E\x2A\x3B\x3E\x94\xC5\x77"
11554 "\xBA\xBB\x5B\xB1\xDE\x7B\xA4\x40"
11555 "\x88\x39\xE3\xFD\x94\x4B\x25\x58"
11556 "\xE1\x4B\xC4\x18\x7A\xFD\x17\x2B"
11557 "\xB9\xF9\xC2\x27\x6A\xB6\x31\x27"
11558 "\xA6\xAD\xEF\xE5\x5D\xE4\x02\x01",
11559 .ilen = 48,
11560 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
11561 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
11562 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
11563 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
11564 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
11565 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48",
11566 .rlen = 48,
11567 },
11568};
11569
11570static struct cipher_testvec camellia_ctr_enc_tv_template[] = {
11571 { /* Generated with Crypto++ */
11572 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
11573 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
11574 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
11575 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
11576 .klen = 32,
11577 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
11578 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
11579 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
11580 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
11581 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
11582 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
11583 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
11584 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48",
11585 .ilen = 48,
11586 .result = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11"
11587 "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE"
11588 "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4"
11589 "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6"
11590 "\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85"
11591 "\x60\xFC\xE8\x94\xE8\xB5\x09\x2C",
11592 .rlen = 48,
11593 },
11594 { /* Generated with Crypto++ */
11595 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
11596 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
11597 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
11598 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
11599 .klen = 32,
11600 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
11601 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
11602 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
11603 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
11604 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
11605 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
11606 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
11607 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
11608 "\xDF\x76\x0D",
11609 .ilen = 51,
11610 .result = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11"
11611 "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE"
11612 "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4"
11613 "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6"
11614 "\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85"
11615 "\x60\xFC\xE8\x94\xE8\xB5\x09\x2C"
11616 "\x1E\x43\xEF",
11617 .rlen = 51,
11618 },
11619};
11620
11621static struct cipher_testvec camellia_ctr_dec_tv_template[] = {
11622 { /* Generated with Crypto++ */
11623 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
11624 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
11625 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
11626 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
11627 .klen = 32,
11628 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
11629 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
11630 .input = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11"
11631 "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE"
11632 "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4"
11633 "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6"
11634 "\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85"
11635 "\x60\xFC\xE8\x94\xE8\xB5\x09\x2C",
11636 .ilen = 48,
11637 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
11638 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
11639 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
11640 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
11641 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
11642 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48",
11643 .rlen = 48,
11644 },
11645 { /* Generated with Crypto++ */
11646 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
11647 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
11648 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
11649 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
11650 .klen = 32,
11651 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
11652 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
11653 .input = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11"
11654 "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE"
11655 "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4"
11656 "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6"
11657 "\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85"
11658 "\x60\xFC\xE8\x94\xE8\xB5\x09\x2C"
11659 "\x1E\x43\xEF",
11660 .ilen = 51,
11661 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
11662 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
11663 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
11664 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
11665 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
11666 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
11667 "\xDF\x76\x0D",
11668 .rlen = 51,
11669 },
11670
11671};
11672
11673static struct cipher_testvec camellia_lrw_enc_tv_template[] = {
11674 /* Generated from AES-LRW test vectors */
11675 {
11676 .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d"
11677 "\x4c\x26\x84\x14\xb5\x68\x01\x85"
11678 "\x25\x8e\x2a\x05\xe7\x3e\x9d\x03"
11679 "\xee\x5a\x83\x0c\xcc\x09\x4c\x87",
11680 .klen = 32,
11681 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11682 "\x00\x00\x00\x00\x00\x00\x00\x01",
11683 .input = "\x30\x31\x32\x33\x34\x35\x36\x37"
11684 "\x38\x39\x41\x42\x43\x44\x45\x46",
11685 .ilen = 16,
11686 .result = "\x92\x68\x19\xd7\xb7\x5b\x0a\x31"
11687 "\x97\xcc\x72\xbe\x99\x17\xeb\x3e",
11688 .rlen = 16,
11689 }, {
11690 .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c"
11691 "\xd7\x79\xe8\x0f\x54\x88\x79\x44"
11692 "\x0d\x48\xf0\xb7\xb1\x5a\x53\xea"
11693 "\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf",
11694 .klen = 32,
11695 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11696 "\x00\x00\x00\x00\x00\x00\x00\x02",
11697 .input = "\x30\x31\x32\x33\x34\x35\x36\x37"
11698 "\x38\x39\x41\x42\x43\x44\x45\x46",
11699 .ilen = 16,
11700 .result = "\x73\x09\xb7\x50\xb6\x77\x30\x50"
11701 "\x5c\x8a\x9c\x26\x77\x9d\xfc\x4a",
11702 .rlen = 16,
11703 }, {
11704 .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50"
11705 "\x30\xfe\x69\xe2\x37\x7f\x98\x47"
11706 "\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6"
11707 "\xb0\x0d\x0d\x1b\xae\x85\x87\x1f",
11708 .klen = 32,
11709 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11710 "\x00\x00\x00\x02\x00\x00\x00\x00",
11711 .input = "\x30\x31\x32\x33\x34\x35\x36\x37"
11712 "\x38\x39\x41\x42\x43\x44\x45\x46",
11713 .ilen = 16,
11714 .result = "\x90\xae\x83\xe0\x22\xb9\x60\x91"
11715 "\xfa\xa9\xb7\x98\xe3\xed\x87\x01",
11716 .rlen = 16,
11717 }, {
11718 .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15"
11719 "\x25\x83\xf7\x3c\x1f\x01\x28\x74"
11720 "\xca\xc6\xbc\x35\x4d\x4a\x65\x54"
11721 "\x90\xae\x61\xcf\x7b\xae\xbd\xcc"
11722 "\xad\xe4\x94\xc5\x4a\x29\xae\x70",
11723 .klen = 40,
11724 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11725 "\x00\x00\x00\x00\x00\x00\x00\x01",
11726 .input = "\x30\x31\x32\x33\x34\x35\x36\x37"
11727 "\x38\x39\x41\x42\x43\x44\x45\x46",
11728 .ilen = 16,
11729 .result = "\x99\xe9\x6e\xd4\xc9\x21\xa5\xf0"
11730 "\xd8\x83\xef\xd9\x07\x16\x5f\x35",
11731 .rlen = 16,
11732 }, {
11733 .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff"
11734 "\xf8\x86\xce\xac\x93\xc5\xad\xc6"
11735 "\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd"
11736 "\x52\x13\xb2\xb7\xf0\xff\x11\xd8"
11737 "\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f",
11738 .klen = 40,
11739 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11740 "\x00\x00\x00\x02\x00\x00\x00\x00",
11741 .input = "\x30\x31\x32\x33\x34\x35\x36\x37"
11742 "\x38\x39\x41\x42\x43\x44\x45\x46",
11743 .ilen = 16,
11744 .result = "\x42\x88\xf4\xcb\x21\x11\x6d\x8e"
11745 "\xde\x1a\xf2\x29\xf1\x4a\xe0\x15",
11746 .rlen = 16,
11747 }, {
11748 .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
11749 "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
11750 "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
11751 "\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
11752 "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
11753 "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
11754 .klen = 48,
11755 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11756 "\x00\x00\x00\x00\x00\x00\x00\x01",
11757 .input = "\x30\x31\x32\x33\x34\x35\x36\x37"
11758 "\x38\x39\x41\x42\x43\x44\x45\x46",
11759 .ilen = 16,
11760 .result = "\x40\xaa\x34\x86\x4a\x8f\x78\xb9"
11761 "\xdb\xdb\x0f\x3d\x48\x70\xbe\x8d",
11762 .rlen = 16,
11763 }, {
11764 .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d"
11765 "\xd4\x70\x98\x0b\xc7\x95\x84\xc8"
11766 "\xb2\xfb\x64\xce\x60\x97\x87\x8d"
11767 "\x17\xfc\xe4\x5a\x49\xe8\x30\xb7"
11768 "\x6e\x78\x17\xe7\x2d\x5e\x12\xd4"
11769 "\x60\x64\x04\x7a\xf1\x2f\x9e\x0c",
11770 .klen = 48,
11771 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11772 "\x00\x00\x00\x02\x00\x00\x00\x00",
11773 .input = "\x30\x31\x32\x33\x34\x35\x36\x37"
11774 "\x38\x39\x41\x42\x43\x44\x45\x46",
11775 .ilen = 16,
11776 .result = "\x04\xab\x28\x37\x31\x7a\x26\xab"
11777 "\xa1\x70\x1b\x9c\xe7\xdd\x83\xff",
11778 .rlen = 16,
11779 }, {
11780 .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
11781 "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
11782 "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
11783 "\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
11784 "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
11785 "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
11786 .klen = 48,
11787 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11788 "\x00\x00\x00\x00\x00\x00\x00\x01",
11789 .input = "\x05\x11\xb7\x18\xab\xc6\x2d\xac"
11790 "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c"
11791 "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8"
11792 "\x50\x38\x1f\x71\x49\xb6\x57\xd6"
11793 "\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90"
11794 "\xfe\x2a\x62\x82\xae\x6d\x8b\xf6"
11795 "\xad\x1e\x9e\x20\x5f\x38\xbe\x04"
11796 "\xda\x10\x8e\xed\xa2\xa4\x87\xab"
11797 "\xda\x6b\xb4\x0c\x75\xba\xd3\x7c"
11798 "\xc9\xac\x42\x31\x95\x7c\xc9\x04"
11799 "\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6"
11800 "\x15\xd7\x3f\x4f\x2f\x66\x69\x03"
11801 "\x9c\x1f\x54\x0f\xde\x1f\xf3\x65"
11802 "\x4c\x96\x12\xed\x7c\x92\x03\x01"
11803 "\x6f\xbc\x35\x93\xac\xf1\x27\xf1"
11804 "\xb4\x96\x82\x5a\x5f\xb0\xa0\x50"
11805 "\x89\xa4\x8e\x66\x44\x85\xcc\xfd"
11806 "\x33\x14\x70\xe3\x96\xb2\xc3\xd3"
11807 "\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5"
11808 "\x2d\x64\x75\xdd\xb4\x54\xe6\x74"
11809 "\x8c\xd3\x9d\x9e\x86\xab\x51\x53"
11810 "\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40"
11811 "\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5"
11812 "\x76\x12\x73\x44\x1a\x56\xd7\x72"
11813 "\x88\xcd\x21\x8c\x4c\x0f\xfe\xda"
11814 "\x95\xe0\x3a\xa6\xa5\x84\x46\xcd"
11815 "\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60"
11816 "\x1a\xe2\x70\x85\x58\xc2\x1b\x09"
11817 "\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9"
11818 "\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8"
11819 "\x51\x71\xd9\x3c\x6c\xf1\x56\xf8"
11820 "\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10"
11821 "\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1"
11822 "\x90\x3e\x76\x4a\x74\xa4\x21\x2c"
11823 "\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e"
11824 "\x41\x09\x6a\x33\x7d\xf6\xdd\x3f"
11825 "\x8d\x23\x31\x74\x84\xeb\x88\x6e"
11826 "\xcc\xb9\xbc\x22\x83\x19\x07\x22"
11827 "\xa5\x2d\xdf\xa5\xf3\x80\x85\x78"
11828 "\x84\x39\x6a\x6d\x6a\x99\x4f\xa5"
11829 "\x15\xfe\x46\xb0\xe4\x6c\xa5\x41"
11830 "\x3c\xce\x8f\x42\x60\x71\xa7\x75"
11831 "\x08\x40\x65\x8a\x82\xbf\xf5\x43"
11832 "\x71\x96\xa9\x4d\x44\x8a\x20\xbe"
11833 "\xfa\x4d\xbb\xc0\x7d\x31\x96\x65"
11834 "\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9"
11835 "\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4"
11836 "\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a"
11837 "\x62\x73\x65\xfd\x46\x63\x25\x3d"
11838 "\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf"
11839 "\x24\xf3\xb4\xac\x64\xba\xdf\x4b"
11840 "\xc6\x96\x7d\x81\x2d\x8d\x97\xf7"
11841 "\xc5\x68\x77\x84\x32\x2b\xcc\x85"
11842 "\x74\x96\xf0\x12\x77\x61\xb9\xeb"
11843 "\x71\xaa\x82\xcb\x1c\xdb\x89\xc8"
11844 "\xc6\xb5\xe3\x5c\x7d\x39\x07\x24"
11845 "\xda\x39\x87\x45\xc0\x2b\xbb\x01"
11846 "\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce"
11847 "\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6"
11848 "\xc5\x55\xa9\x66\x2f\xe1\xc8\x32"
11849 "\xa6\x5d\xa4\x3a\x98\x73\xe8\x45"
11850 "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6"
11851 "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4"
11852 "\x21\xc4\xc2\x75\x67\x89\x37\x0a",
11853 .ilen = 512,
11854 .result = "\x90\x69\x8e\xf2\x14\x86\x59\xf9"
11855 "\xec\xe7\xfa\x3f\x48\x9d\x7f\x96"
11856 "\x67\x76\xac\x2c\xd2\x63\x18\x93"
11857 "\x13\xf8\xf1\xf6\x71\x77\xb3\xee"
11858 "\x93\xb2\xcc\xf3\x26\xc1\x16\x4f"
11859 "\xd4\xe8\x43\xc1\x68\xa3\x3e\x06"
11860 "\x38\x51\xff\xa8\xb9\xa4\xeb\xb1"
11861 "\x62\xdd\x78\x81\xea\x1d\xef\x04"
11862 "\x1d\x07\xc1\x67\xc8\xd6\x77\xa1"
11863 "\x84\x95\xf4\x9a\xd9\xbc\x2d\xe2"
11864 "\xf6\x80\xfc\x91\x2a\xbc\x42\xa0"
11865 "\x40\x41\x69\xaa\x71\xc0\x37\xec"
11866 "\x39\xf3\xf2\xec\x82\xc3\x88\x79"
11867 "\xbc\xc3\xaa\xb7\xcf\x6a\x72\x80"
11868 "\x4c\xf4\x84\x8f\x13\x9e\x94\x5c"
11869 "\xe5\xb2\x91\xbb\x92\x51\x4d\xf1"
11870 "\xd6\x0d\x71\x6b\x7a\xc2\x2f\x12"
11871 "\x6f\x75\xc7\x80\x99\x50\x84\xcf"
11872 "\xa8\xeb\xd6\xe1\x1c\x59\x81\x7e"
11873 "\xb9\xb3\xde\x7a\x93\x14\x12\xa2"
11874 "\xf7\x43\xb3\x9d\x1a\x87\x65\x91"
11875 "\x42\x08\x40\x82\x06\x1c\x2d\x55"
11876 "\x6e\x48\xd5\x74\x07\x6e\x9d\x80"
11877 "\xeb\xb4\x97\xa1\x36\xdf\xfa\x74"
11878 "\x79\x7f\x5a\x75\xe7\x71\xc8\x8c"
11879 "\x7e\xf8\x3a\x77\xcd\x32\x05\xf9"
11880 "\x3d\xd4\xe9\xa2\xbb\xc4\x8b\x83"
11881 "\x42\x5c\x82\xfa\xe9\x4b\x96\x3b"
11882 "\x7f\x89\x8b\xf9\xf1\x87\xda\xf0"
11883 "\x87\xef\x13\x5d\xf0\xe2\xc5\xc1"
11884 "\xed\x14\xa9\x57\x19\x63\x40\x04"
11885 "\x24\xeb\x6e\x19\xd1\x3d\x70\x78"
11886 "\xeb\xda\x55\x70\x2c\x4f\x41\x5b"
11887 "\x56\x9f\x1a\xd3\xac\xf1\xc0\xc3"
11888 "\x21\xec\xd7\xd2\x55\x32\x7c\x2e"
11889 "\x3c\x48\x8e\xb4\x85\x35\x47\xfe"
11890 "\xe2\x88\x79\x98\x6a\xc9\x8d\xff"
11891 "\xe9\x89\x6e\xb8\xe2\x97\x00\xbd"
11892 "\xa4\x8f\xba\xd0\x8c\xcb\x79\x99"
11893 "\xb3\xb2\xb2\x7a\xc3\xb7\xef\x75"
11894 "\x23\x52\x76\xc3\x50\x6e\x66\xf8"
11895 "\xa2\xe2\xce\xba\x40\x21\x3f\xc9"
11896 "\x0a\x32\x7f\xf7\x08\x8c\x66\xcf"
11897 "\xd3\xdf\x57\x59\x83\xb8\xe1\x85"
11898 "\xd6\x8f\xfb\x48\x1f\x3a\xc4\x2f"
11899 "\xb4\x2d\x58\xab\xd8\x7f\x5e\x3a"
11900 "\xbc\x62\x3e\xe2\x6a\x52\x0d\x76"
11901 "\x2f\x1c\x1a\x30\xed\x95\x2a\x44"
11902 "\x35\xa5\x83\x04\x84\x01\x99\x56"
11903 "\xb7\xe3\x10\x96\xfa\xdc\x19\xdd"
11904 "\xe2\x7f\xcb\xa0\x49\x1b\xff\x4c"
11905 "\x73\xf6\xbb\x94\x00\xe8\xa9\x3d"
11906 "\xe2\x20\xe9\x3f\xfa\x07\x5d\x77"
11907 "\x06\xd5\x4f\x4d\x02\xb8\x40\x1b"
11908 "\x30\xed\x1a\x50\x19\xef\xc4\x2c"
11909 "\x02\xd9\xc5\xd3\x11\x33\x37\xe5"
11910 "\x2b\xa3\x95\xa6\xee\xd8\x74\x1d"
11911 "\x68\xa0\xeb\xbf\xdd\x5e\x99\x96"
11912 "\x91\xc3\x94\x24\xa5\x12\xa2\x37"
11913 "\xb3\xac\xcf\x2a\xfd\x55\x34\xfe"
11914 "\x79\x92\x3e\xe6\x1b\x49\x57\x5d"
11915 "\x93\x6c\x01\xf7\xcc\x4e\x20\xd1"
11916 "\xb2\x1a\xd8\x4c\xbd\x1d\x10\xe9"
11917 "\x5a\xa8\x92\x7f\xba\xe6\x0c\x95",
11918 .rlen = 512,
11919 },
11920};
11921
11922static struct cipher_testvec camellia_lrw_dec_tv_template[] = {
11923 /* Generated from AES-LRW test vectors */
11924 /* same as enc vectors with input and result reversed */
11925 {
11926 .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d"
11927 "\x4c\x26\x84\x14\xb5\x68\x01\x85"
11928 "\x25\x8e\x2a\x05\xe7\x3e\x9d\x03"
11929 "\xee\x5a\x83\x0c\xcc\x09\x4c\x87",
11930 .klen = 32,
11931 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11932 "\x00\x00\x00\x00\x00\x00\x00\x01",
11933 .input = "\x92\x68\x19\xd7\xb7\x5b\x0a\x31"
11934 "\x97\xcc\x72\xbe\x99\x17\xeb\x3e",
11935 .ilen = 16,
11936 .result = "\x30\x31\x32\x33\x34\x35\x36\x37"
11937 "\x38\x39\x41\x42\x43\x44\x45\x46",
11938 .rlen = 16,
11939 }, {
11940 .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c"
11941 "\xd7\x79\xe8\x0f\x54\x88\x79\x44"
11942 "\x0d\x48\xf0\xb7\xb1\x5a\x53\xea"
11943 "\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf",
11944 .klen = 32,
11945 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11946 "\x00\x00\x00\x00\x00\x00\x00\x02",
11947 .input = "\x73\x09\xb7\x50\xb6\x77\x30\x50"
11948 "\x5c\x8a\x9c\x26\x77\x9d\xfc\x4a",
11949 .ilen = 16,
11950 .result = "\x30\x31\x32\x33\x34\x35\x36\x37"
11951 "\x38\x39\x41\x42\x43\x44\x45\x46",
11952 .rlen = 16,
11953 }, {
11954 .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50"
11955 "\x30\xfe\x69\xe2\x37\x7f\x98\x47"
11956 "\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6"
11957 "\xb0\x0d\x0d\x1b\xae\x85\x87\x1f",
11958 .klen = 32,
11959 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11960 "\x00\x00\x00\x02\x00\x00\x00\x00",
11961 .input = "\x90\xae\x83\xe0\x22\xb9\x60\x91"
11962 "\xfa\xa9\xb7\x98\xe3\xed\x87\x01",
11963 .ilen = 16,
11964 .result = "\x30\x31\x32\x33\x34\x35\x36\x37"
11965 "\x38\x39\x41\x42\x43\x44\x45\x46",
11966 .rlen = 16,
11967 }, {
11968 .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15"
11969 "\x25\x83\xf7\x3c\x1f\x01\x28\x74"
11970 "\xca\xc6\xbc\x35\x4d\x4a\x65\x54"
11971 "\x90\xae\x61\xcf\x7b\xae\xbd\xcc"
11972 "\xad\xe4\x94\xc5\x4a\x29\xae\x70",
11973 .klen = 40,
11974 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11975 "\x00\x00\x00\x00\x00\x00\x00\x01",
11976 .input = "\x99\xe9\x6e\xd4\xc9\x21\xa5\xf0"
11977 "\xd8\x83\xef\xd9\x07\x16\x5f\x35",
11978 .ilen = 16,
11979 .result = "\x30\x31\x32\x33\x34\x35\x36\x37"
11980 "\x38\x39\x41\x42\x43\x44\x45\x46",
11981 .rlen = 16,
11982 }, {
11983 .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff"
11984 "\xf8\x86\xce\xac\x93\xc5\xad\xc6"
11985 "\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd"
11986 "\x52\x13\xb2\xb7\xf0\xff\x11\xd8"
11987 "\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f",
11988 .klen = 40,
11989 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
11990 "\x00\x00\x00\x02\x00\x00\x00\x00",
11991 .input = "\x42\x88\xf4\xcb\x21\x11\x6d\x8e"
11992 "\xde\x1a\xf2\x29\xf1\x4a\xe0\x15",
11993 .ilen = 16,
11994 .result = "\x30\x31\x32\x33\x34\x35\x36\x37"
11995 "\x38\x39\x41\x42\x43\x44\x45\x46",
11996 .rlen = 16,
11997 }, {
11998 .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
11999 "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
12000 "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
12001 "\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
12002 "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
12003 "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
12004 .klen = 48,
12005 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
12006 "\x00\x00\x00\x00\x00\x00\x00\x01",
12007 .input = "\x40\xaa\x34\x86\x4a\x8f\x78\xb9"
12008 "\xdb\xdb\x0f\x3d\x48\x70\xbe\x8d",
12009 .ilen = 16,
12010 .result = "\x30\x31\x32\x33\x34\x35\x36\x37"
12011 "\x38\x39\x41\x42\x43\x44\x45\x46",
12012 .rlen = 16,
12013 }, {
12014 .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d"
12015 "\xd4\x70\x98\x0b\xc7\x95\x84\xc8"
12016 "\xb2\xfb\x64\xce\x60\x97\x87\x8d"
12017 "\x17\xfc\xe4\x5a\x49\xe8\x30\xb7"
12018 "\x6e\x78\x17\xe7\x2d\x5e\x12\xd4"
12019 "\x60\x64\x04\x7a\xf1\x2f\x9e\x0c",
12020 .klen = 48,
12021 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
12022 "\x00\x00\x00\x02\x00\x00\x00\x00",
12023 .input = "\x04\xab\x28\x37\x31\x7a\x26\xab"
12024 "\xa1\x70\x1b\x9c\xe7\xdd\x83\xff",
12025 .ilen = 16,
12026 .result = "\x30\x31\x32\x33\x34\x35\x36\x37"
12027 "\x38\x39\x41\x42\x43\x44\x45\x46",
12028 .rlen = 16,
12029 }, {
12030 .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
12031 "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
12032 "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
12033 "\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
12034 "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
12035 "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
12036 .klen = 48,
12037 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
12038 "\x00\x00\x00\x00\x00\x00\x00\x01",
12039 .input = "\x90\x69\x8e\xf2\x14\x86\x59\xf9"
12040 "\xec\xe7\xfa\x3f\x48\x9d\x7f\x96"
12041 "\x67\x76\xac\x2c\xd2\x63\x18\x93"
12042 "\x13\xf8\xf1\xf6\x71\x77\xb3\xee"
12043 "\x93\xb2\xcc\xf3\x26\xc1\x16\x4f"
12044 "\xd4\xe8\x43\xc1\x68\xa3\x3e\x06"
12045 "\x38\x51\xff\xa8\xb9\xa4\xeb\xb1"
12046 "\x62\xdd\x78\x81\xea\x1d\xef\x04"
12047 "\x1d\x07\xc1\x67\xc8\xd6\x77\xa1"
12048 "\x84\x95\xf4\x9a\xd9\xbc\x2d\xe2"
12049 "\xf6\x80\xfc\x91\x2a\xbc\x42\xa0"
12050 "\x40\x41\x69\xaa\x71\xc0\x37\xec"
12051 "\x39\xf3\xf2\xec\x82\xc3\x88\x79"
12052 "\xbc\xc3\xaa\xb7\xcf\x6a\x72\x80"
12053 "\x4c\xf4\x84\x8f\x13\x9e\x94\x5c"
12054 "\xe5\xb2\x91\xbb\x92\x51\x4d\xf1"
12055 "\xd6\x0d\x71\x6b\x7a\xc2\x2f\x12"
12056 "\x6f\x75\xc7\x80\x99\x50\x84\xcf"
12057 "\xa8\xeb\xd6\xe1\x1c\x59\x81\x7e"
12058 "\xb9\xb3\xde\x7a\x93\x14\x12\xa2"
12059 "\xf7\x43\xb3\x9d\x1a\x87\x65\x91"
12060 "\x42\x08\x40\x82\x06\x1c\x2d\x55"
12061 "\x6e\x48\xd5\x74\x07\x6e\x9d\x80"
12062 "\xeb\xb4\x97\xa1\x36\xdf\xfa\x74"
12063 "\x79\x7f\x5a\x75\xe7\x71\xc8\x8c"
12064 "\x7e\xf8\x3a\x77\xcd\x32\x05\xf9"
12065 "\x3d\xd4\xe9\xa2\xbb\xc4\x8b\x83"
12066 "\x42\x5c\x82\xfa\xe9\x4b\x96\x3b"
12067 "\x7f\x89\x8b\xf9\xf1\x87\xda\xf0"
12068 "\x87\xef\x13\x5d\xf0\xe2\xc5\xc1"
12069 "\xed\x14\xa9\x57\x19\x63\x40\x04"
12070 "\x24\xeb\x6e\x19\xd1\x3d\x70\x78"
12071 "\xeb\xda\x55\x70\x2c\x4f\x41\x5b"
12072 "\x56\x9f\x1a\xd3\xac\xf1\xc0\xc3"
12073 "\x21\xec\xd7\xd2\x55\x32\x7c\x2e"
12074 "\x3c\x48\x8e\xb4\x85\x35\x47\xfe"
12075 "\xe2\x88\x79\x98\x6a\xc9\x8d\xff"
12076 "\xe9\x89\x6e\xb8\xe2\x97\x00\xbd"
12077 "\xa4\x8f\xba\xd0\x8c\xcb\x79\x99"
12078 "\xb3\xb2\xb2\x7a\xc3\xb7\xef\x75"
12079 "\x23\x52\x76\xc3\x50\x6e\x66\xf8"
12080 "\xa2\xe2\xce\xba\x40\x21\x3f\xc9"
12081 "\x0a\x32\x7f\xf7\x08\x8c\x66\xcf"
12082 "\xd3\xdf\x57\x59\x83\xb8\xe1\x85"
12083 "\xd6\x8f\xfb\x48\x1f\x3a\xc4\x2f"
12084 "\xb4\x2d\x58\xab\xd8\x7f\x5e\x3a"
12085 "\xbc\x62\x3e\xe2\x6a\x52\x0d\x76"
12086 "\x2f\x1c\x1a\x30\xed\x95\x2a\x44"
12087 "\x35\xa5\x83\x04\x84\x01\x99\x56"
12088 "\xb7\xe3\x10\x96\xfa\xdc\x19\xdd"
12089 "\xe2\x7f\xcb\xa0\x49\x1b\xff\x4c"
12090 "\x73\xf6\xbb\x94\x00\xe8\xa9\x3d"
12091 "\xe2\x20\xe9\x3f\xfa\x07\x5d\x77"
12092 "\x06\xd5\x4f\x4d\x02\xb8\x40\x1b"
12093 "\x30\xed\x1a\x50\x19\xef\xc4\x2c"
12094 "\x02\xd9\xc5\xd3\x11\x33\x37\xe5"
12095 "\x2b\xa3\x95\xa6\xee\xd8\x74\x1d"
12096 "\x68\xa0\xeb\xbf\xdd\x5e\x99\x96"
12097 "\x91\xc3\x94\x24\xa5\x12\xa2\x37"
12098 "\xb3\xac\xcf\x2a\xfd\x55\x34\xfe"
12099 "\x79\x92\x3e\xe6\x1b\x49\x57\x5d"
12100 "\x93\x6c\x01\xf7\xcc\x4e\x20\xd1"
12101 "\xb2\x1a\xd8\x4c\xbd\x1d\x10\xe9"
12102 "\x5a\xa8\x92\x7f\xba\xe6\x0c\x95",
12103 .ilen = 512,
12104 .result = "\x05\x11\xb7\x18\xab\xc6\x2d\xac"
12105 "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c"
12106 "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8"
12107 "\x50\x38\x1f\x71\x49\xb6\x57\xd6"
12108 "\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90"
12109 "\xfe\x2a\x62\x82\xae\x6d\x8b\xf6"
12110 "\xad\x1e\x9e\x20\x5f\x38\xbe\x04"
12111 "\xda\x10\x8e\xed\xa2\xa4\x87\xab"
12112 "\xda\x6b\xb4\x0c\x75\xba\xd3\x7c"
12113 "\xc9\xac\x42\x31\x95\x7c\xc9\x04"
12114 "\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6"
12115 "\x15\xd7\x3f\x4f\x2f\x66\x69\x03"
12116 "\x9c\x1f\x54\x0f\xde\x1f\xf3\x65"
12117 "\x4c\x96\x12\xed\x7c\x92\x03\x01"
12118 "\x6f\xbc\x35\x93\xac\xf1\x27\xf1"
12119 "\xb4\x96\x82\x5a\x5f\xb0\xa0\x50"
12120 "\x89\xa4\x8e\x66\x44\x85\xcc\xfd"
12121 "\x33\x14\x70\xe3\x96\xb2\xc3\xd3"
12122 "\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5"
12123 "\x2d\x64\x75\xdd\xb4\x54\xe6\x74"
12124 "\x8c\xd3\x9d\x9e\x86\xab\x51\x53"
12125 "\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40"
12126 "\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5"
12127 "\x76\x12\x73\x44\x1a\x56\xd7\x72"
12128 "\x88\xcd\x21\x8c\x4c\x0f\xfe\xda"
12129 "\x95\xe0\x3a\xa6\xa5\x84\x46\xcd"
12130 "\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60"
12131 "\x1a\xe2\x70\x85\x58\xc2\x1b\x09"
12132 "\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9"
12133 "\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8"
12134 "\x51\x71\xd9\x3c\x6c\xf1\x56\xf8"
12135 "\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10"
12136 "\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1"
12137 "\x90\x3e\x76\x4a\x74\xa4\x21\x2c"
12138 "\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e"
12139 "\x41\x09\x6a\x33\x7d\xf6\xdd\x3f"
12140 "\x8d\x23\x31\x74\x84\xeb\x88\x6e"
12141 "\xcc\xb9\xbc\x22\x83\x19\x07\x22"
12142 "\xa5\x2d\xdf\xa5\xf3\x80\x85\x78"
12143 "\x84\x39\x6a\x6d\x6a\x99\x4f\xa5"
12144 "\x15\xfe\x46\xb0\xe4\x6c\xa5\x41"
12145 "\x3c\xce\x8f\x42\x60\x71\xa7\x75"
12146 "\x08\x40\x65\x8a\x82\xbf\xf5\x43"
12147 "\x71\x96\xa9\x4d\x44\x8a\x20\xbe"
12148 "\xfa\x4d\xbb\xc0\x7d\x31\x96\x65"
12149 "\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9"
12150 "\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4"
12151 "\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a"
12152 "\x62\x73\x65\xfd\x46\x63\x25\x3d"
12153 "\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf"
12154 "\x24\xf3\xb4\xac\x64\xba\xdf\x4b"
12155 "\xc6\x96\x7d\x81\x2d\x8d\x97\xf7"
12156 "\xc5\x68\x77\x84\x32\x2b\xcc\x85"
12157 "\x74\x96\xf0\x12\x77\x61\xb9\xeb"
12158 "\x71\xaa\x82\xcb\x1c\xdb\x89\xc8"
12159 "\xc6\xb5\xe3\x5c\x7d\x39\x07\x24"
12160 "\xda\x39\x87\x45\xc0\x2b\xbb\x01"
12161 "\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce"
12162 "\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6"
12163 "\xc5\x55\xa9\x66\x2f\xe1\xc8\x32"
12164 "\xa6\x5d\xa4\x3a\x98\x73\xe8\x45"
12165 "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6"
12166 "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4"
12167 "\x21\xc4\xc2\x75\x67\x89\x37\x0a",
12168 .rlen = 512,
12169 },
12170};
12171
12172static struct cipher_testvec camellia_xts_enc_tv_template[] = {
12173 /* Generated from AES-XTS test vectors */
12174 {
12175 .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
12176 "\x00\x00\x00\x00\x00\x00\x00\x00"
12177 "\x00\x00\x00\x00\x00\x00\x00\x00"
12178 "\x00\x00\x00\x00\x00\x00\x00\x00",
12179 .klen = 32,
12180 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
12181 "\x00\x00\x00\x00\x00\x00\x00\x00",
12182 .input = "\x00\x00\x00\x00\x00\x00\x00\x00"
12183 "\x00\x00\x00\x00\x00\x00\x00\x00"
12184 "\x00\x00\x00\x00\x00\x00\x00\x00"
12185 "\x00\x00\x00\x00\x00\x00\x00\x00",
12186 .ilen = 32,
12187 .result = "\x06\xcb\xa5\xf1\x04\x63\xb2\x41"
12188 "\xdc\xca\xfa\x09\xba\x74\xb9\x05"
12189 "\x78\xba\xa4\xf8\x67\x4d\x7e\xad"
12190 "\x20\x18\xf5\x0c\x41\x16\x2a\x61",
12191 .rlen = 32,
12192 }, {
12193 .key = "\x11\x11\x11\x11\x11\x11\x11\x11"
12194 "\x11\x11\x11\x11\x11\x11\x11\x11"
12195 "\x22\x22\x22\x22\x22\x22\x22\x22"
12196 "\x22\x22\x22\x22\x22\x22\x22\x22",
12197 .klen = 32,
12198 .iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
12199 "\x00\x00\x00\x00\x00\x00\x00\x00",
12200 .input = "\x44\x44\x44\x44\x44\x44\x44\x44"
12201 "\x44\x44\x44\x44\x44\x44\x44\x44"
12202 "\x44\x44\x44\x44\x44\x44\x44\x44"
12203 "\x44\x44\x44\x44\x44\x44\x44\x44",
12204 .ilen = 32,
12205 .result = "\xc2\xb9\xdc\x44\x1d\xdf\xf2\x86"
12206 "\x8d\x35\x42\x0a\xa5\x5e\x3d\x4f"
12207 "\xb5\x37\x06\xff\xbd\xd4\x91\x70"
12208 "\x80\x1f\xb2\x39\x10\x89\x44\xf5",
12209 .rlen = 32,
12210 }, {
12211 .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8"
12212 "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
12213 "\x22\x22\x22\x22\x22\x22\x22\x22"
12214 "\x22\x22\x22\x22\x22\x22\x22\x22",
12215 .klen = 32,
12216 .iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
12217 "\x00\x00\x00\x00\x00\x00\x00\x00",
12218 .input = "\x44\x44\x44\x44\x44\x44\x44\x44"
12219 "\x44\x44\x44\x44\x44\x44\x44\x44"
12220 "\x44\x44\x44\x44\x44\x44\x44\x44"
12221 "\x44\x44\x44\x44\x44\x44\x44\x44",
12222 .ilen = 32,
12223 .result = "\x52\x1f\x9d\xf5\x5a\x58\x5a\x7e"
12224 "\x9f\xd0\x8e\x02\x9c\x9a\x6a\xa7"
12225 "\xb4\x3b\xce\xe7\x17\xaa\x89\x6a"
12226 "\x35\x3c\x6b\xb5\x61\x1c\x79\x38",
12227 .rlen = 32,
12228 }, {
12229 .key = "\x27\x18\x28\x18\x28\x45\x90\x45"
12230 "\x23\x53\x60\x28\x74\x71\x35\x26"
12231 "\x31\x41\x59\x26\x53\x58\x97\x93"
12232 "\x23\x84\x62\x64\x33\x83\x27\x95",
12233 .klen = 32,
12234 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
12235 "\x00\x00\x00\x00\x00\x00\x00\x00",
12236 .input = "\x00\x01\x02\x03\x04\x05\x06\x07"
12237 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
12238 "\x10\x11\x12\x13\x14\x15\x16\x17"
12239 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
12240 "\x20\x21\x22\x23\x24\x25\x26\x27"
12241 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
12242 "\x30\x31\x32\x33\x34\x35\x36\x37"
12243 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
12244 "\x40\x41\x42\x43\x44\x45\x46\x47"
12245 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
12246 "\x50\x51\x52\x53\x54\x55\x56\x57"
12247 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
12248 "\x60\x61\x62\x63\x64\x65\x66\x67"
12249 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
12250 "\x70\x71\x72\x73\x74\x75\x76\x77"
12251 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
12252 "\x80\x81\x82\x83\x84\x85\x86\x87"
12253 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
12254 "\x90\x91\x92\x93\x94\x95\x96\x97"
12255 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
12256 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
12257 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
12258 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
12259 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
12260 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
12261 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
12262 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
12263 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
12264 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
12265 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
12266 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
12267 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
12268 "\x00\x01\x02\x03\x04\x05\x06\x07"
12269 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
12270 "\x10\x11\x12\x13\x14\x15\x16\x17"
12271 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
12272 "\x20\x21\x22\x23\x24\x25\x26\x27"
12273 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
12274 "\x30\x31\x32\x33\x34\x35\x36\x37"
12275 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
12276 "\x40\x41\x42\x43\x44\x45\x46\x47"
12277 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
12278 "\x50\x51\x52\x53\x54\x55\x56\x57"
12279 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
12280 "\x60\x61\x62\x63\x64\x65\x66\x67"
12281 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
12282 "\x70\x71\x72\x73\x74\x75\x76\x77"
12283 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
12284 "\x80\x81\x82\x83\x84\x85\x86\x87"
12285 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
12286 "\x90\x91\x92\x93\x94\x95\x96\x97"
12287 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
12288 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
12289 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
12290 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
12291 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
12292 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
12293 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
12294 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
12295 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
12296 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
12297 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
12298 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
12299 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
12300 .ilen = 512,
12301 .result = "\xc7\xf9\x0a\xaa\xcb\xb5\x8f\x33"
12302 "\x60\xc3\xe9\x47\x90\xb7\x50\x57"
12303 "\xa3\xad\x81\x2f\xf5\x22\x96\x02"
12304 "\xaa\x7f\xea\xac\x29\x78\xca\x2a"
12305 "\x7c\xcd\x31\x1a\x3c\x40\x0a\x73"
12306 "\x09\x66\xad\x72\x0e\x4d\x5d\x77"
12307 "\xbc\xb8\x76\x80\x37\x59\xa9\x01"
12308 "\x9e\xfb\xdb\x6c\x93\xef\xb6\x8d"
12309 "\x1e\xc1\x94\xa8\xd4\xb5\xb0\x01"
12310 "\xd5\x01\x97\x28\xcd\x7a\x1f\xe8"
12311 "\x08\xda\x76\x00\x65\xcf\x7b\x31"
12312 "\xc6\xfa\xf2\x3b\x00\xa7\x6a\x9e"
12313 "\x6c\x43\x80\x87\xe0\xbb\x4e\xe5"
12314 "\xdc\x8a\xdf\xc3\x1d\x1b\x41\x04"
12315 "\xfb\x54\xdd\x29\x27\xc2\x65\x17"
12316 "\x36\x88\xb0\x85\x8d\x73\x7e\x4b"
12317 "\x1d\x16\x8a\x52\xbc\xa6\xbc\xa4"
12318 "\x8c\xd1\x04\x16\xbf\x8c\x01\x0f"
12319 "\x7e\x6b\x59\x15\x29\xd1\x9b\xd3"
12320 "\x6c\xee\xac\xdc\x45\x58\xca\x5b"
12321 "\x70\x0e\x6a\x12\x86\x82\x79\x9f"
12322 "\x16\xd4\x9d\x67\xcd\x70\x65\x26"
12323 "\x21\x72\x1e\xa1\x94\x8a\x83\x0c"
12324 "\x92\x42\x58\x5e\xa2\xc5\x31\xf3"
12325 "\x7b\xd1\x31\xd4\x15\x80\x31\x61"
12326 "\x5c\x53\x10\xdd\xea\xc8\x83\x5c"
12327 "\x7d\xa7\x05\x66\xcc\x1e\xbb\x05"
12328 "\x47\xae\xb4\x0f\x84\xd8\xf6\xb5"
12329 "\xa1\xc6\x52\x00\x52\xe8\xdc\xd9"
12330 "\x16\x31\xb2\x47\x91\x67\xaa\x28"
12331 "\x2c\x29\x85\xa3\xf7\xf2\x24\x93"
12332 "\x23\x80\x1f\xa8\x1b\x82\x8d\xdc"
12333 "\x9f\x0b\xcd\xb4\x3c\x20\xbc\xec"
12334 "\x4f\xc7\xee\xf8\xfd\xd9\xfb\x7e"
12335 "\x3f\x0d\x23\xfa\x3f\xa7\xcc\x66"
12336 "\x1c\xfe\xa6\x86\xf6\xf7\x85\xc7"
12337 "\x43\xc1\xd4\xfc\xe4\x79\xc9\x1d"
12338 "\xf8\x89\xcd\x20\x27\x84\x5d\x5c"
12339 "\x8e\x4f\x1f\xeb\x08\x21\x4f\xa3"
12340 "\xe0\x7e\x0b\x9c\xe7\x42\xcf\xb7"
12341 "\x3f\x43\xcc\x86\x71\x34\x6a\xd9"
12342 "\x5e\xec\x8f\x36\xc9\x0a\x03\xfe"
12343 "\x18\x41\xdc\x9e\x2e\x75\x20\x3e"
12344 "\xcc\x77\xe0\x8f\xe8\x43\x37\x4c"
12345 "\xed\x1a\x5a\xb3\xfa\x43\xc9\x71"
12346 "\x9f\xc5\xce\xcf\xff\xe7\x77\x1e"
12347 "\x35\x93\xde\x6b\xc0\x6a\x7e\xa9"
12348 "\x34\xb8\x27\x74\x08\xda\xf2\x4a"
12349 "\x23\x5b\x9f\x55\x3a\x57\x82\x52"
12350 "\xea\x6d\xc3\xc7\xf2\xc8\xb5\xdc"
12351 "\xc5\xb9\xbb\xaa\xf2\x29\x9f\x49"
12352 "\x7a\xef\xfe\xdc\x9f\xc9\x28\xe2"
12353 "\x96\x0b\x35\x84\x05\x0d\xd6\x2a"
12354 "\xea\x5a\xbf\x69\xde\xee\x4f\x8f"
12355 "\x84\xb9\xcf\xa7\x57\xea\xe0\xe8"
12356 "\x96\xef\x0f\x0e\xec\xc7\xa6\x74"
12357 "\xb1\xfe\x7a\x6d\x11\xdd\x0e\x15"
12358 "\x4a\x1e\x73\x7f\x55\xea\xf6\xe1"
12359 "\x5b\xb6\x71\xda\xb0\x0c\xba\x26"
12360 "\x5c\x48\x38\x6d\x1c\x32\xb2\x7d"
12361 "\x05\x87\xc2\x1e\x7e\x2d\xd4\x33"
12362 "\xcc\x06\xdb\xe7\x82\x29\x63\xd1"
12363 "\x52\x84\x4f\xee\x27\xe8\x02\xd4"
12364 "\x34\x3c\x69\xc2\xbd\x20\xe6\x7a",
12365 .rlen = 512,
12366 }, {
12367 .key = "\x27\x18\x28\x18\x28\x45\x90\x45"
12368 "\x23\x53\x60\x28\x74\x71\x35\x26"
12369 "\x62\x49\x77\x57\x24\x70\x93\x69"
12370 "\x99\x59\x57\x49\x66\x96\x76\x27"
12371 "\x31\x41\x59\x26\x53\x58\x97\x93"
12372 "\x23\x84\x62\x64\x33\x83\x27\x95"
12373 "\x02\x88\x41\x97\x16\x93\x99\x37"
12374 "\x51\x05\x82\x09\x74\x94\x45\x92",
12375 .klen = 64,
12376 .iv = "\xff\x00\x00\x00\x00\x00\x00\x00"
12377 "\x00\x00\x00\x00\x00\x00\x00\x00",
12378 .input = "\x00\x01\x02\x03\x04\x05\x06\x07"
12379 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
12380 "\x10\x11\x12\x13\x14\x15\x16\x17"
12381 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
12382 "\x20\x21\x22\x23\x24\x25\x26\x27"
12383 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
12384 "\x30\x31\x32\x33\x34\x35\x36\x37"
12385 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
12386 "\x40\x41\x42\x43\x44\x45\x46\x47"
12387 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
12388 "\x50\x51\x52\x53\x54\x55\x56\x57"
12389 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
12390 "\x60\x61\x62\x63\x64\x65\x66\x67"
12391 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
12392 "\x70\x71\x72\x73\x74\x75\x76\x77"
12393 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
12394 "\x80\x81\x82\x83\x84\x85\x86\x87"
12395 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
12396 "\x90\x91\x92\x93\x94\x95\x96\x97"
12397 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
12398 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
12399 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
12400 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
12401 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
12402 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
12403 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
12404 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
12405 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
12406 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
12407 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
12408 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
12409 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
12410 "\x00\x01\x02\x03\x04\x05\x06\x07"
12411 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
12412 "\x10\x11\x12\x13\x14\x15\x16\x17"
12413 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
12414 "\x20\x21\x22\x23\x24\x25\x26\x27"
12415 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
12416 "\x30\x31\x32\x33\x34\x35\x36\x37"
12417 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
12418 "\x40\x41\x42\x43\x44\x45\x46\x47"
12419 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
12420 "\x50\x51\x52\x53\x54\x55\x56\x57"
12421 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
12422 "\x60\x61\x62\x63\x64\x65\x66\x67"
12423 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
12424 "\x70\x71\x72\x73\x74\x75\x76\x77"
12425 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
12426 "\x80\x81\x82\x83\x84\x85\x86\x87"
12427 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
12428 "\x90\x91\x92\x93\x94\x95\x96\x97"
12429 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
12430 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
12431 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
12432 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
12433 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
12434 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
12435 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
12436 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
12437 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
12438 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
12439 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
12440 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
12441 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
12442 .ilen = 512,
12443 .result = "\x49\xcd\xb8\xbf\x2f\x73\x37\x28"
12444 "\x9a\x7f\x6e\x57\x55\xb8\x07\x88"
12445 "\x4a\x0d\x8b\x55\x60\xed\xb6\x7b"
12446 "\xf1\x74\xac\x96\x05\x7b\x32\xca"
12447 "\xd1\x4e\xf1\x58\x29\x16\x24\x6c"
12448 "\xf2\xb3\xe4\x88\x84\xac\x4d\xee"
12449 "\x97\x07\x82\xf0\x07\x12\x38\x0a"
12450 "\x67\x62\xaf\xfd\x85\x9f\x0a\x55"
12451 "\xa5\x20\xc5\x60\xe4\x68\x53\xa4"
12452 "\x0e\x2e\x65\xe3\xe4\x0c\x30\x7c"
12453 "\x1c\x01\x4f\x55\xa9\x13\xeb\x25"
12454 "\x21\x87\xbc\xd3\xe7\x67\x4f\x38"
12455 "\xa8\x14\x25\x71\xe9\x2e\x4c\x21"
12456 "\x41\x82\x0c\x45\x39\x35\xa8\x75"
12457 "\x03\x29\x01\x84\x8c\xab\x48\xbe"
12458 "\x11\x56\x22\x67\xb7\x67\x1a\x09"
12459 "\xa1\x72\x25\x41\x3c\x39\x65\x80"
12460 "\x7d\x2f\xf8\x2c\x73\x04\x58\x9d"
12461 "\xdd\x16\x8b\x63\x70\x4e\xc5\x17"
12462 "\x21\xe0\x84\x51\x4b\x6f\x05\x52"
12463 "\xe3\x63\x34\xfa\xa4\xaf\x33\x20"
12464 "\xc1\xae\x32\xc4\xb8\x2b\xdb\x76"
12465 "\xd9\x02\x31\x2f\xa3\xc6\xd0\x7b"
12466 "\xaf\x1b\x84\xe3\x9b\xbf\xa6\xe0"
12467 "\xb8\x8a\x13\x88\x71\xf4\x11\xa5"
12468 "\xe9\xa9\x10\x33\xe0\xbe\x49\x89"
12469 "\x41\x22\xf5\x9d\x80\x3e\x3b\x76"
12470 "\x01\x16\x50\x6e\x7c\x6a\x81\xe9"
12471 "\x13\x2c\xde\xb2\x5f\x79\xba\xb2"
12472 "\xb1\x75\xae\xd2\x07\x98\x4b\x69"
12473 "\xae\x7d\x5b\x90\xc2\x6c\xe6\x98"
12474 "\xd3\x4c\xa1\xa3\x9c\xc9\x33\x6a"
12475 "\x0d\x23\xb1\x79\x25\x13\x4b\xe5"
12476 "\xaf\x93\x20\x5c\x7f\x06\x7a\x34"
12477 "\x0b\x78\xe3\x67\x26\xe0\xad\x95"
12478 "\xc5\x4e\x26\x22\xcf\x73\x77\x62"
12479 "\x3e\x10\xd7\x90\x4b\x52\x1c\xc9"
12480 "\xef\x38\x52\x18\x0e\x29\x7e\xef"
12481 "\x34\xfe\x31\x95\xc5\xbc\xa8\xe2"
12482 "\xa8\x4e\x9f\xea\xa6\xf0\xfe\x5d"
12483 "\xc5\x39\x86\xed\x2f\x6d\xa0\xfe"
12484 "\x96\xcd\x41\x10\x78\x4e\x0c\xc9"
12485 "\xc3\x6d\x0f\xb7\xe8\xe0\x62\xab"
12486 "\x8b\xf1\x21\x89\xa1\x12\xaa\xfa"
12487 "\x9d\x70\xbe\x4c\xa8\x98\x89\x01"
12488 "\xb9\xe2\x61\xde\x0c\x4a\x0b\xaa"
12489 "\x89\xf5\x14\x79\x18\x8f\x3b\x0d"
12490 "\x21\x17\xf8\x59\x15\x24\x64\x22"
12491 "\x57\x48\x80\xd5\x3d\x92\x30\x07"
12492 "\xd9\xa1\x4a\x23\x16\x43\x48\x0e"
12493 "\x2b\x2d\x1b\x87\xef\x7e\xbd\xfa"
12494 "\x49\xbc\x7e\x68\x6e\xa8\x46\x95"
12495 "\xad\x5e\xfe\x0a\xa8\xd3\x1a\x5d"
12496 "\x6b\x84\xf3\x00\xba\x52\x05\x02"
12497 "\xe3\x96\x4e\xb6\x79\x3f\x43\xd3"
12498 "\x4d\x3f\xd6\xab\x0a\xc4\x75\x2d"
12499 "\xd1\x08\xc3\x6a\xc8\x37\x29\xa0"
12500 "\xcc\x9a\x05\xdd\x5c\xe1\xff\x66"
12501 "\xf2\x7a\x1d\xf2\xaf\xa9\x48\x89"
12502 "\xf5\x21\x0f\x02\x48\x83\x74\xbf"
12503 "\x2e\xe6\x93\x7b\xa0\xf4\xb1\x2b"
12504 "\xb1\x02\x0a\x5c\x79\x19\x3b\x75"
12505 "\xb7\x16\xd8\x12\x5c\xcd\x7d\x4e"
12506 "\xd5\xc6\x99\xcc\x4e\x6c\x94\x95",
12507 .rlen = 512,
12508 },
12509};
12510
12511static struct cipher_testvec camellia_xts_dec_tv_template[] = {
12512 /* Generated from AES-XTS test vectors */
12513 /* same as enc vectors with input and result reversed */
12514 {
12515 .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
12516 "\x00\x00\x00\x00\x00\x00\x00\x00"
12517 "\x00\x00\x00\x00\x00\x00\x00\x00"
12518 "\x00\x00\x00\x00\x00\x00\x00\x00",
12519 .klen = 32,
12520 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
12521 "\x00\x00\x00\x00\x00\x00\x00\x00",
12522 .input = "\x06\xcb\xa5\xf1\x04\x63\xb2\x41"
12523 "\xdc\xca\xfa\x09\xba\x74\xb9\x05"
12524 "\x78\xba\xa4\xf8\x67\x4d\x7e\xad"
12525 "\x20\x18\xf5\x0c\x41\x16\x2a\x61",
12526 .ilen = 32,
12527 .result = "\x00\x00\x00\x00\x00\x00\x00\x00"
12528 "\x00\x00\x00\x00\x00\x00\x00\x00"
12529 "\x00\x00\x00\x00\x00\x00\x00\x00"
12530 "\x00\x00\x00\x00\x00\x00\x00\x00",
12531 .rlen = 32,
12532 }, {
12533 .key = "\x11\x11\x11\x11\x11\x11\x11\x11"
12534 "\x11\x11\x11\x11\x11\x11\x11\x11"
12535 "\x22\x22\x22\x22\x22\x22\x22\x22"
12536 "\x22\x22\x22\x22\x22\x22\x22\x22",
12537 .klen = 32,
12538 .iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
12539 "\x00\x00\x00\x00\x00\x00\x00\x00",
12540 .input = "\xc2\xb9\xdc\x44\x1d\xdf\xf2\x86"
12541 "\x8d\x35\x42\x0a\xa5\x5e\x3d\x4f"
12542 "\xb5\x37\x06\xff\xbd\xd4\x91\x70"
12543 "\x80\x1f\xb2\x39\x10\x89\x44\xf5",
12544 .ilen = 32,
12545 .result = "\x44\x44\x44\x44\x44\x44\x44\x44"
12546 "\x44\x44\x44\x44\x44\x44\x44\x44"
12547 "\x44\x44\x44\x44\x44\x44\x44\x44"
12548 "\x44\x44\x44\x44\x44\x44\x44\x44",
12549 .rlen = 32,
12550 }, {
12551 .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8"
12552 "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
12553 "\x22\x22\x22\x22\x22\x22\x22\x22"
12554 "\x22\x22\x22\x22\x22\x22\x22\x22",
12555 .klen = 32,
12556 .iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
12557 "\x00\x00\x00\x00\x00\x00\x00\x00",
12558 .input = "\x52\x1f\x9d\xf5\x5a\x58\x5a\x7e"
12559 "\x9f\xd0\x8e\x02\x9c\x9a\x6a\xa7"
12560 "\xb4\x3b\xce\xe7\x17\xaa\x89\x6a"
12561 "\x35\x3c\x6b\xb5\x61\x1c\x79\x38",
12562 .ilen = 32,
12563 .result = "\x44\x44\x44\x44\x44\x44\x44\x44"
12564 "\x44\x44\x44\x44\x44\x44\x44\x44"
12565 "\x44\x44\x44\x44\x44\x44\x44\x44"
12566 "\x44\x44\x44\x44\x44\x44\x44\x44",
12567 .rlen = 32,
12568 }, {
12569 .key = "\x27\x18\x28\x18\x28\x45\x90\x45"
12570 "\x23\x53\x60\x28\x74\x71\x35\x26"
12571 "\x31\x41\x59\x26\x53\x58\x97\x93"
12572 "\x23\x84\x62\x64\x33\x83\x27\x95",
12573 .klen = 32,
12574 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
12575 "\x00\x00\x00\x00\x00\x00\x00\x00",
12576 .input = "\xc7\xf9\x0a\xaa\xcb\xb5\x8f\x33"
12577 "\x60\xc3\xe9\x47\x90\xb7\x50\x57"
12578 "\xa3\xad\x81\x2f\xf5\x22\x96\x02"
12579 "\xaa\x7f\xea\xac\x29\x78\xca\x2a"
12580 "\x7c\xcd\x31\x1a\x3c\x40\x0a\x73"
12581 "\x09\x66\xad\x72\x0e\x4d\x5d\x77"
12582 "\xbc\xb8\x76\x80\x37\x59\xa9\x01"
12583 "\x9e\xfb\xdb\x6c\x93\xef\xb6\x8d"
12584 "\x1e\xc1\x94\xa8\xd4\xb5\xb0\x01"
12585 "\xd5\x01\x97\x28\xcd\x7a\x1f\xe8"
12586 "\x08\xda\x76\x00\x65\xcf\x7b\x31"
12587 "\xc6\xfa\xf2\x3b\x00\xa7\x6a\x9e"
12588 "\x6c\x43\x80\x87\xe0\xbb\x4e\xe5"
12589 "\xdc\x8a\xdf\xc3\x1d\x1b\x41\x04"
12590 "\xfb\x54\xdd\x29\x27\xc2\x65\x17"
12591 "\x36\x88\xb0\x85\x8d\x73\x7e\x4b"
12592 "\x1d\x16\x8a\x52\xbc\xa6\xbc\xa4"
12593 "\x8c\xd1\x04\x16\xbf\x8c\x01\x0f"
12594 "\x7e\x6b\x59\x15\x29\xd1\x9b\xd3"
12595 "\x6c\xee\xac\xdc\x45\x58\xca\x5b"
12596 "\x70\x0e\x6a\x12\x86\x82\x79\x9f"
12597 "\x16\xd4\x9d\x67\xcd\x70\x65\x26"
12598 "\x21\x72\x1e\xa1\x94\x8a\x83\x0c"
12599 "\x92\x42\x58\x5e\xa2\xc5\x31\xf3"
12600 "\x7b\xd1\x31\xd4\x15\x80\x31\x61"
12601 "\x5c\x53\x10\xdd\xea\xc8\x83\x5c"
12602 "\x7d\xa7\x05\x66\xcc\x1e\xbb\x05"
12603 "\x47\xae\xb4\x0f\x84\xd8\xf6\xb5"
12604 "\xa1\xc6\x52\x00\x52\xe8\xdc\xd9"
12605 "\x16\x31\xb2\x47\x91\x67\xaa\x28"
12606 "\x2c\x29\x85\xa3\xf7\xf2\x24\x93"
12607 "\x23\x80\x1f\xa8\x1b\x82\x8d\xdc"
12608 "\x9f\x0b\xcd\xb4\x3c\x20\xbc\xec"
12609 "\x4f\xc7\xee\xf8\xfd\xd9\xfb\x7e"
12610 "\x3f\x0d\x23\xfa\x3f\xa7\xcc\x66"
12611 "\x1c\xfe\xa6\x86\xf6\xf7\x85\xc7"
12612 "\x43\xc1\xd4\xfc\xe4\x79\xc9\x1d"
12613 "\xf8\x89\xcd\x20\x27\x84\x5d\x5c"
12614 "\x8e\x4f\x1f\xeb\x08\x21\x4f\xa3"
12615 "\xe0\x7e\x0b\x9c\xe7\x42\xcf\xb7"
12616 "\x3f\x43\xcc\x86\x71\x34\x6a\xd9"
12617 "\x5e\xec\x8f\x36\xc9\x0a\x03\xfe"
12618 "\x18\x41\xdc\x9e\x2e\x75\x20\x3e"
12619 "\xcc\x77\xe0\x8f\xe8\x43\x37\x4c"
12620 "\xed\x1a\x5a\xb3\xfa\x43\xc9\x71"
12621 "\x9f\xc5\xce\xcf\xff\xe7\x77\x1e"
12622 "\x35\x93\xde\x6b\xc0\x6a\x7e\xa9"
12623 "\x34\xb8\x27\x74\x08\xda\xf2\x4a"
12624 "\x23\x5b\x9f\x55\x3a\x57\x82\x52"
12625 "\xea\x6d\xc3\xc7\xf2\xc8\xb5\xdc"
12626 "\xc5\xb9\xbb\xaa\xf2\x29\x9f\x49"
12627 "\x7a\xef\xfe\xdc\x9f\xc9\x28\xe2"
12628 "\x96\x0b\x35\x84\x05\x0d\xd6\x2a"
12629 "\xea\x5a\xbf\x69\xde\xee\x4f\x8f"
12630 "\x84\xb9\xcf\xa7\x57\xea\xe0\xe8"
12631 "\x96\xef\x0f\x0e\xec\xc7\xa6\x74"
12632 "\xb1\xfe\x7a\x6d\x11\xdd\x0e\x15"
12633 "\x4a\x1e\x73\x7f\x55\xea\xf6\xe1"
12634 "\x5b\xb6\x71\xda\xb0\x0c\xba\x26"
12635 "\x5c\x48\x38\x6d\x1c\x32\xb2\x7d"
12636 "\x05\x87\xc2\x1e\x7e\x2d\xd4\x33"
12637 "\xcc\x06\xdb\xe7\x82\x29\x63\xd1"
12638 "\x52\x84\x4f\xee\x27\xe8\x02\xd4"
12639 "\x34\x3c\x69\xc2\xbd\x20\xe6\x7a",
12640 .ilen = 512,
12641 .result = "\x00\x01\x02\x03\x04\x05\x06\x07"
12642 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
12643 "\x10\x11\x12\x13\x14\x15\x16\x17"
12644 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
12645 "\x20\x21\x22\x23\x24\x25\x26\x27"
12646 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
12647 "\x30\x31\x32\x33\x34\x35\x36\x37"
12648 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
12649 "\x40\x41\x42\x43\x44\x45\x46\x47"
12650 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
12651 "\x50\x51\x52\x53\x54\x55\x56\x57"
12652 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
12653 "\x60\x61\x62\x63\x64\x65\x66\x67"
12654 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
12655 "\x70\x71\x72\x73\x74\x75\x76\x77"
12656 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
12657 "\x80\x81\x82\x83\x84\x85\x86\x87"
12658 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
12659 "\x90\x91\x92\x93\x94\x95\x96\x97"
12660 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
12661 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
12662 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
12663 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
12664 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
12665 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
12666 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
12667 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
12668 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
12669 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
12670 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
12671 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
12672 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
12673 "\x00\x01\x02\x03\x04\x05\x06\x07"
12674 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
12675 "\x10\x11\x12\x13\x14\x15\x16\x17"
12676 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
12677 "\x20\x21\x22\x23\x24\x25\x26\x27"
12678 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
12679 "\x30\x31\x32\x33\x34\x35\x36\x37"
12680 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
12681 "\x40\x41\x42\x43\x44\x45\x46\x47"
12682 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
12683 "\x50\x51\x52\x53\x54\x55\x56\x57"
12684 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
12685 "\x60\x61\x62\x63\x64\x65\x66\x67"
12686 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
12687 "\x70\x71\x72\x73\x74\x75\x76\x77"
12688 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
12689 "\x80\x81\x82\x83\x84\x85\x86\x87"
12690 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
12691 "\x90\x91\x92\x93\x94\x95\x96\x97"
12692 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
12693 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
12694 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
12695 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
12696 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
12697 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
12698 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
12699 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
12700 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
12701 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
12702 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
12703 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
12704 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
12705 .rlen = 512,
12706 }, {
12707 .key = "\x27\x18\x28\x18\x28\x45\x90\x45"
12708 "\x23\x53\x60\x28\x74\x71\x35\x26"
12709 "\x62\x49\x77\x57\x24\x70\x93\x69"
12710 "\x99\x59\x57\x49\x66\x96\x76\x27"
12711 "\x31\x41\x59\x26\x53\x58\x97\x93"
12712 "\x23\x84\x62\x64\x33\x83\x27\x95"
12713 "\x02\x88\x41\x97\x16\x93\x99\x37"
12714 "\x51\x05\x82\x09\x74\x94\x45\x92",
12715 .klen = 64,
12716 .iv = "\xff\x00\x00\x00\x00\x00\x00\x00"
12717 "\x00\x00\x00\x00\x00\x00\x00\x00",
12718 .input = "\x49\xcd\xb8\xbf\x2f\x73\x37\x28"
12719 "\x9a\x7f\x6e\x57\x55\xb8\x07\x88"
12720 "\x4a\x0d\x8b\x55\x60\xed\xb6\x7b"
12721 "\xf1\x74\xac\x96\x05\x7b\x32\xca"
12722 "\xd1\x4e\xf1\x58\x29\x16\x24\x6c"
12723 "\xf2\xb3\xe4\x88\x84\xac\x4d\xee"
12724 "\x97\x07\x82\xf0\x07\x12\x38\x0a"
12725 "\x67\x62\xaf\xfd\x85\x9f\x0a\x55"
12726 "\xa5\x20\xc5\x60\xe4\x68\x53\xa4"
12727 "\x0e\x2e\x65\xe3\xe4\x0c\x30\x7c"
12728 "\x1c\x01\x4f\x55\xa9\x13\xeb\x25"
12729 "\x21\x87\xbc\xd3\xe7\x67\x4f\x38"
12730 "\xa8\x14\x25\x71\xe9\x2e\x4c\x21"
12731 "\x41\x82\x0c\x45\x39\x35\xa8\x75"
12732 "\x03\x29\x01\x84\x8c\xab\x48\xbe"
12733 "\x11\x56\x22\x67\xb7\x67\x1a\x09"
12734 "\xa1\x72\x25\x41\x3c\x39\x65\x80"
12735 "\x7d\x2f\xf8\x2c\x73\x04\x58\x9d"
12736 "\xdd\x16\x8b\x63\x70\x4e\xc5\x17"
12737 "\x21\xe0\x84\x51\x4b\x6f\x05\x52"
12738 "\xe3\x63\x34\xfa\xa4\xaf\x33\x20"
12739 "\xc1\xae\x32\xc4\xb8\x2b\xdb\x76"
12740 "\xd9\x02\x31\x2f\xa3\xc6\xd0\x7b"
12741 "\xaf\x1b\x84\xe3\x9b\xbf\xa6\xe0"
12742 "\xb8\x8a\x13\x88\x71\xf4\x11\xa5"
12743 "\xe9\xa9\x10\x33\xe0\xbe\x49\x89"
12744 "\x41\x22\xf5\x9d\x80\x3e\x3b\x76"
12745 "\x01\x16\x50\x6e\x7c\x6a\x81\xe9"
12746 "\x13\x2c\xde\xb2\x5f\x79\xba\xb2"
12747 "\xb1\x75\xae\xd2\x07\x98\x4b\x69"
12748 "\xae\x7d\x5b\x90\xc2\x6c\xe6\x98"
12749 "\xd3\x4c\xa1\xa3\x9c\xc9\x33\x6a"
12750 "\x0d\x23\xb1\x79\x25\x13\x4b\xe5"
12751 "\xaf\x93\x20\x5c\x7f\x06\x7a\x34"
12752 "\x0b\x78\xe3\x67\x26\xe0\xad\x95"
12753 "\xc5\x4e\x26\x22\xcf\x73\x77\x62"
12754 "\x3e\x10\xd7\x90\x4b\x52\x1c\xc9"
12755 "\xef\x38\x52\x18\x0e\x29\x7e\xef"
12756 "\x34\xfe\x31\x95\xc5\xbc\xa8\xe2"
12757 "\xa8\x4e\x9f\xea\xa6\xf0\xfe\x5d"
12758 "\xc5\x39\x86\xed\x2f\x6d\xa0\xfe"
12759 "\x96\xcd\x41\x10\x78\x4e\x0c\xc9"
12760 "\xc3\x6d\x0f\xb7\xe8\xe0\x62\xab"
12761 "\x8b\xf1\x21\x89\xa1\x12\xaa\xfa"
12762 "\x9d\x70\xbe\x4c\xa8\x98\x89\x01"
12763 "\xb9\xe2\x61\xde\x0c\x4a\x0b\xaa"
12764 "\x89\xf5\x14\x79\x18\x8f\x3b\x0d"
12765 "\x21\x17\xf8\x59\x15\x24\x64\x22"
12766 "\x57\x48\x80\xd5\x3d\x92\x30\x07"
12767 "\xd9\xa1\x4a\x23\x16\x43\x48\x0e"
12768 "\x2b\x2d\x1b\x87\xef\x7e\xbd\xfa"
12769 "\x49\xbc\x7e\x68\x6e\xa8\x46\x95"
12770 "\xad\x5e\xfe\x0a\xa8\xd3\x1a\x5d"
12771 "\x6b\x84\xf3\x00\xba\x52\x05\x02"
12772 "\xe3\x96\x4e\xb6\x79\x3f\x43\xd3"
12773 "\x4d\x3f\xd6\xab\x0a\xc4\x75\x2d"
12774 "\xd1\x08\xc3\x6a\xc8\x37\x29\xa0"
12775 "\xcc\x9a\x05\xdd\x5c\xe1\xff\x66"
12776 "\xf2\x7a\x1d\xf2\xaf\xa9\x48\x89"
12777 "\xf5\x21\x0f\x02\x48\x83\x74\xbf"
12778 "\x2e\xe6\x93\x7b\xa0\xf4\xb1\x2b"
12779 "\xb1\x02\x0a\x5c\x79\x19\x3b\x75"
12780 "\xb7\x16\xd8\x12\x5c\xcd\x7d\x4e"
12781 "\xd5\xc6\x99\xcc\x4e\x6c\x94\x95",
12782 .ilen = 512,
12783 .result = "\x00\x01\x02\x03\x04\x05\x06\x07"
12784 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
12785 "\x10\x11\x12\x13\x14\x15\x16\x17"
12786 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
12787 "\x20\x21\x22\x23\x24\x25\x26\x27"
12788 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
12789 "\x30\x31\x32\x33\x34\x35\x36\x37"
12790 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
12791 "\x40\x41\x42\x43\x44\x45\x46\x47"
12792 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
12793 "\x50\x51\x52\x53\x54\x55\x56\x57"
12794 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
12795 "\x60\x61\x62\x63\x64\x65\x66\x67"
12796 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
12797 "\x70\x71\x72\x73\x74\x75\x76\x77"
12798 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
12799 "\x80\x81\x82\x83\x84\x85\x86\x87"
12800 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
12801 "\x90\x91\x92\x93\x94\x95\x96\x97"
12802 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
12803 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
12804 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
12805 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
12806 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
12807 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
12808 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
12809 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
12810 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
12811 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
12812 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
12813 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
12814 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
12815 "\x00\x01\x02\x03\x04\x05\x06\x07"
12816 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
12817 "\x10\x11\x12\x13\x14\x15\x16\x17"
12818 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
12819 "\x20\x21\x22\x23\x24\x25\x26\x27"
12820 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
12821 "\x30\x31\x32\x33\x34\x35\x36\x37"
12822 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
12823 "\x40\x41\x42\x43\x44\x45\x46\x47"
12824 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
12825 "\x50\x51\x52\x53\x54\x55\x56\x57"
12826 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
12827 "\x60\x61\x62\x63\x64\x65\x66\x67"
12828 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
12829 "\x70\x71\x72\x73\x74\x75\x76\x77"
12830 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
12831 "\x80\x81\x82\x83\x84\x85\x86\x87"
12832 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
12833 "\x90\x91\x92\x93\x94\x95\x96\x97"
12834 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
12835 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
12836 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
12837 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
12838 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
12839 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
12840 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
12841 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
12842 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
12843 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
12844 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
12845 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
12846 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
12847 .rlen = 512,
12848 },
11474}; 12849};
11475 12850
11476/* 12851/*
diff --git a/drivers/char/hw_random/tx4939-rng.c b/drivers/char/hw_random/tx4939-rng.c
index 0bc0cb70210b..de473ef3882b 100644
--- a/drivers/char/hw_random/tx4939-rng.c
+++ b/drivers/char/hw_random/tx4939-rng.c
@@ -115,10 +115,7 @@ static int __init tx4939_rng_probe(struct platform_device *dev)
115 rngdev = devm_kzalloc(&dev->dev, sizeof(*rngdev), GFP_KERNEL); 115 rngdev = devm_kzalloc(&dev->dev, sizeof(*rngdev), GFP_KERNEL);
116 if (!rngdev) 116 if (!rngdev)
117 return -ENOMEM; 117 return -ENOMEM;
118 if (!devm_request_mem_region(&dev->dev, r->start, resource_size(r), 118 rngdev->base = devm_request_and_ioremap(&dev->dev, r);
119 dev_name(&dev->dev)))
120 return -EBUSY;
121 rngdev->base = devm_ioremap(&dev->dev, r->start, resource_size(r));
122 if (!rngdev->base) 119 if (!rngdev->base)
123 return -EBUSY; 120 return -EBUSY;
124 121
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 6d16b4b0d7a0..e707979767fb 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -293,4 +293,15 @@ config CRYPTO_DEV_S5P
293 Select this to offload Samsung S5PV210 or S5PC110 from AES 293 Select this to offload Samsung S5PV210 or S5PC110 from AES
294 algorithms execution. 294 algorithms execution.
295 295
296config CRYPTO_DEV_TEGRA_AES
297 tristate "Support for TEGRA AES hw engine"
298 depends on ARCH_TEGRA
299 select CRYPTO_AES
300 help
301 TEGRA processors have AES module accelerator. Select this if you
302 want to use the TEGRA module for AES algorithms.
303
304 To compile this driver as a module, choose M here: the module
305 will be called tegra-aes.
306
296endif # CRYPTO_HW 307endif # CRYPTO_HW
diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
index 53ea50155319..f3e64eadd7af 100644
--- a/drivers/crypto/Makefile
+++ b/drivers/crypto/Makefile
@@ -13,3 +13,4 @@ obj-$(CONFIG_CRYPTO_DEV_OMAP_SHAM) += omap-sham.o
13obj-$(CONFIG_CRYPTO_DEV_OMAP_AES) += omap-aes.o 13obj-$(CONFIG_CRYPTO_DEV_OMAP_AES) += omap-aes.o
14obj-$(CONFIG_CRYPTO_DEV_PICOXCELL) += picoxcell_crypto.o 14obj-$(CONFIG_CRYPTO_DEV_PICOXCELL) += picoxcell_crypto.o
15obj-$(CONFIG_CRYPTO_DEV_S5P) += s5p-sss.o 15obj-$(CONFIG_CRYPTO_DEV_S5P) += s5p-sss.o
16obj-$(CONFIG_CRYPTO_DEV_TEGRA_AES) += tegra-aes.o
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index e73cf2e8110a..534a36469d57 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -1844,6 +1844,25 @@ static struct caam_alg_template driver_algs[] = {
1844 .alg_op = OP_ALG_ALGSEL_SHA1 | OP_ALG_AAI_HMAC, 1844 .alg_op = OP_ALG_ALGSEL_SHA1 | OP_ALG_AAI_HMAC,
1845 }, 1845 },
1846 { 1846 {
1847 .name = "authenc(hmac(sha224),cbc(aes))",
1848 .driver_name = "authenc-hmac-sha224-cbc-aes-caam",
1849 .blocksize = AES_BLOCK_SIZE,
1850 .template_aead = {
1851 .setkey = aead_setkey,
1852 .setauthsize = aead_setauthsize,
1853 .encrypt = aead_encrypt,
1854 .decrypt = aead_decrypt,
1855 .givencrypt = aead_givencrypt,
1856 .geniv = "<built-in>",
1857 .ivsize = AES_BLOCK_SIZE,
1858 .maxauthsize = SHA224_DIGEST_SIZE,
1859 },
1860 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1861 .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
1862 OP_ALG_AAI_HMAC_PRECOMP,
1863 .alg_op = OP_ALG_ALGSEL_SHA224 | OP_ALG_AAI_HMAC,
1864 },
1865 {
1847 .name = "authenc(hmac(sha256),cbc(aes))", 1866 .name = "authenc(hmac(sha256),cbc(aes))",
1848 .driver_name = "authenc-hmac-sha256-cbc-aes-caam", 1867 .driver_name = "authenc-hmac-sha256-cbc-aes-caam",
1849 .blocksize = AES_BLOCK_SIZE, 1868 .blocksize = AES_BLOCK_SIZE,
@@ -1864,6 +1883,26 @@ static struct caam_alg_template driver_algs[] = {
1864 .alg_op = OP_ALG_ALGSEL_SHA256 | OP_ALG_AAI_HMAC, 1883 .alg_op = OP_ALG_ALGSEL_SHA256 | OP_ALG_AAI_HMAC,
1865 }, 1884 },
1866 { 1885 {
1886 .name = "authenc(hmac(sha384),cbc(aes))",
1887 .driver_name = "authenc-hmac-sha384-cbc-aes-caam",
1888 .blocksize = AES_BLOCK_SIZE,
1889 .template_aead = {
1890 .setkey = aead_setkey,
1891 .setauthsize = aead_setauthsize,
1892 .encrypt = aead_encrypt,
1893 .decrypt = aead_decrypt,
1894 .givencrypt = aead_givencrypt,
1895 .geniv = "<built-in>",
1896 .ivsize = AES_BLOCK_SIZE,
1897 .maxauthsize = SHA384_DIGEST_SIZE,
1898 },
1899 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1900 .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
1901 OP_ALG_AAI_HMAC_PRECOMP,
1902 .alg_op = OP_ALG_ALGSEL_SHA384 | OP_ALG_AAI_HMAC,
1903 },
1904
1905 {
1867 .name = "authenc(hmac(sha512),cbc(aes))", 1906 .name = "authenc(hmac(sha512),cbc(aes))",
1868 .driver_name = "authenc-hmac-sha512-cbc-aes-caam", 1907 .driver_name = "authenc-hmac-sha512-cbc-aes-caam",
1869 .blocksize = AES_BLOCK_SIZE, 1908 .blocksize = AES_BLOCK_SIZE,
@@ -1922,6 +1961,25 @@ static struct caam_alg_template driver_algs[] = {
1922 .alg_op = OP_ALG_ALGSEL_SHA1 | OP_ALG_AAI_HMAC, 1961 .alg_op = OP_ALG_ALGSEL_SHA1 | OP_ALG_AAI_HMAC,
1923 }, 1962 },
1924 { 1963 {
1964 .name = "authenc(hmac(sha224),cbc(des3_ede))",
1965 .driver_name = "authenc-hmac-sha224-cbc-des3_ede-caam",
1966 .blocksize = DES3_EDE_BLOCK_SIZE,
1967 .template_aead = {
1968 .setkey = aead_setkey,
1969 .setauthsize = aead_setauthsize,
1970 .encrypt = aead_encrypt,
1971 .decrypt = aead_decrypt,
1972 .givencrypt = aead_givencrypt,
1973 .geniv = "<built-in>",
1974 .ivsize = DES3_EDE_BLOCK_SIZE,
1975 .maxauthsize = SHA224_DIGEST_SIZE,
1976 },
1977 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
1978 .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
1979 OP_ALG_AAI_HMAC_PRECOMP,
1980 .alg_op = OP_ALG_ALGSEL_SHA224 | OP_ALG_AAI_HMAC,
1981 },
1982 {
1925 .name = "authenc(hmac(sha256),cbc(des3_ede))", 1983 .name = "authenc(hmac(sha256),cbc(des3_ede))",
1926 .driver_name = "authenc-hmac-sha256-cbc-des3_ede-caam", 1984 .driver_name = "authenc-hmac-sha256-cbc-des3_ede-caam",
1927 .blocksize = DES3_EDE_BLOCK_SIZE, 1985 .blocksize = DES3_EDE_BLOCK_SIZE,
@@ -1942,6 +2000,25 @@ static struct caam_alg_template driver_algs[] = {
1942 .alg_op = OP_ALG_ALGSEL_SHA256 | OP_ALG_AAI_HMAC, 2000 .alg_op = OP_ALG_ALGSEL_SHA256 | OP_ALG_AAI_HMAC,
1943 }, 2001 },
1944 { 2002 {
2003 .name = "authenc(hmac(sha384),cbc(des3_ede))",
2004 .driver_name = "authenc-hmac-sha384-cbc-des3_ede-caam",
2005 .blocksize = DES3_EDE_BLOCK_SIZE,
2006 .template_aead = {
2007 .setkey = aead_setkey,
2008 .setauthsize = aead_setauthsize,
2009 .encrypt = aead_encrypt,
2010 .decrypt = aead_decrypt,
2011 .givencrypt = aead_givencrypt,
2012 .geniv = "<built-in>",
2013 .ivsize = DES3_EDE_BLOCK_SIZE,
2014 .maxauthsize = SHA384_DIGEST_SIZE,
2015 },
2016 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2017 .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
2018 OP_ALG_AAI_HMAC_PRECOMP,
2019 .alg_op = OP_ALG_ALGSEL_SHA384 | OP_ALG_AAI_HMAC,
2020 },
2021 {
1945 .name = "authenc(hmac(sha512),cbc(des3_ede))", 2022 .name = "authenc(hmac(sha512),cbc(des3_ede))",
1946 .driver_name = "authenc-hmac-sha512-cbc-des3_ede-caam", 2023 .driver_name = "authenc-hmac-sha512-cbc-des3_ede-caam",
1947 .blocksize = DES3_EDE_BLOCK_SIZE, 2024 .blocksize = DES3_EDE_BLOCK_SIZE,
@@ -2000,6 +2077,25 @@ static struct caam_alg_template driver_algs[] = {
2000 .alg_op = OP_ALG_ALGSEL_SHA1 | OP_ALG_AAI_HMAC, 2077 .alg_op = OP_ALG_ALGSEL_SHA1 | OP_ALG_AAI_HMAC,
2001 }, 2078 },
2002 { 2079 {
2080 .name = "authenc(hmac(sha224),cbc(des))",
2081 .driver_name = "authenc-hmac-sha224-cbc-des-caam",
2082 .blocksize = DES_BLOCK_SIZE,
2083 .template_aead = {
2084 .setkey = aead_setkey,
2085 .setauthsize = aead_setauthsize,
2086 .encrypt = aead_encrypt,
2087 .decrypt = aead_decrypt,
2088 .givencrypt = aead_givencrypt,
2089 .geniv = "<built-in>",
2090 .ivsize = DES_BLOCK_SIZE,
2091 .maxauthsize = SHA224_DIGEST_SIZE,
2092 },
2093 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2094 .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
2095 OP_ALG_AAI_HMAC_PRECOMP,
2096 .alg_op = OP_ALG_ALGSEL_SHA224 | OP_ALG_AAI_HMAC,
2097 },
2098 {
2003 .name = "authenc(hmac(sha256),cbc(des))", 2099 .name = "authenc(hmac(sha256),cbc(des))",
2004 .driver_name = "authenc-hmac-sha256-cbc-des-caam", 2100 .driver_name = "authenc-hmac-sha256-cbc-des-caam",
2005 .blocksize = DES_BLOCK_SIZE, 2101 .blocksize = DES_BLOCK_SIZE,
@@ -2020,6 +2116,25 @@ static struct caam_alg_template driver_algs[] = {
2020 .alg_op = OP_ALG_ALGSEL_SHA256 | OP_ALG_AAI_HMAC, 2116 .alg_op = OP_ALG_ALGSEL_SHA256 | OP_ALG_AAI_HMAC,
2021 }, 2117 },
2022 { 2118 {
2119 .name = "authenc(hmac(sha384),cbc(des))",
2120 .driver_name = "authenc-hmac-sha384-cbc-des-caam",
2121 .blocksize = DES_BLOCK_SIZE,
2122 .template_aead = {
2123 .setkey = aead_setkey,
2124 .setauthsize = aead_setauthsize,
2125 .encrypt = aead_encrypt,
2126 .decrypt = aead_decrypt,
2127 .givencrypt = aead_givencrypt,
2128 .geniv = "<built-in>",
2129 .ivsize = DES_BLOCK_SIZE,
2130 .maxauthsize = SHA384_DIGEST_SIZE,
2131 },
2132 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2133 .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
2134 OP_ALG_AAI_HMAC_PRECOMP,
2135 .alg_op = OP_ALG_ALGSEL_SHA384 | OP_ALG_AAI_HMAC,
2136 },
2137 {
2023 .name = "authenc(hmac(sha512),cbc(des))", 2138 .name = "authenc(hmac(sha512),cbc(des))",
2024 .driver_name = "authenc-hmac-sha512-cbc-des-caam", 2139 .driver_name = "authenc-hmac-sha512-cbc-des-caam",
2025 .blocksize = DES_BLOCK_SIZE, 2140 .blocksize = DES_BLOCK_SIZE,
@@ -2205,7 +2320,8 @@ static struct caam_crypto_alg *caam_alg_alloc(struct device *ctrldev,
2205 alg->cra_blocksize = template->blocksize; 2320 alg->cra_blocksize = template->blocksize;
2206 alg->cra_alignmask = 0; 2321 alg->cra_alignmask = 0;
2207 alg->cra_ctxsize = sizeof(struct caam_ctx); 2322 alg->cra_ctxsize = sizeof(struct caam_ctx);
2208 alg->cra_flags = CRYPTO_ALG_ASYNC | template->type; 2323 alg->cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY |
2324 template->type;
2209 switch (template->type) { 2325 switch (template->type) {
2210 case CRYPTO_ALG_TYPE_ABLKCIPHER: 2326 case CRYPTO_ALG_TYPE_ABLKCIPHER:
2211 alg->cra_type = &crypto_ablkcipher_type; 2327 alg->cra_type = &crypto_ablkcipher_type;
@@ -2285,12 +2401,12 @@ static int __init caam_algapi_init(void)
2285 dev_warn(ctrldev, "%s alg registration failed\n", 2401 dev_warn(ctrldev, "%s alg registration failed\n",
2286 t_alg->crypto_alg.cra_driver_name); 2402 t_alg->crypto_alg.cra_driver_name);
2287 kfree(t_alg); 2403 kfree(t_alg);
2288 } else { 2404 } else
2289 list_add_tail(&t_alg->entry, &priv->alg_list); 2405 list_add_tail(&t_alg->entry, &priv->alg_list);
2290 dev_info(ctrldev, "%s\n",
2291 t_alg->crypto_alg.cra_driver_name);
2292 }
2293 } 2406 }
2407 if (!list_empty(&priv->alg_list))
2408 dev_info(ctrldev, "%s algorithms registered in /proc/crypto\n",
2409 (char *)of_get_property(dev_node, "compatible", NULL));
2294 2410
2295 return err; 2411 return err;
2296} 2412}
diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index 8ae3ba2a160d..c5f61c55d923 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -46,7 +46,7 @@ static int caam_remove(struct platform_device *pdev)
46/* Probe routine for CAAM top (controller) level */ 46/* Probe routine for CAAM top (controller) level */
47static int caam_probe(struct platform_device *pdev) 47static int caam_probe(struct platform_device *pdev)
48{ 48{
49 int d, ring, rspec; 49 int ring, rspec;
50 struct device *dev; 50 struct device *dev;
51 struct device_node *nprop, *np; 51 struct device_node *nprop, *np;
52 struct caam_ctrl __iomem *ctrl; 52 struct caam_ctrl __iomem *ctrl;
diff --git a/drivers/crypto/geode-aes.c b/drivers/crypto/geode-aes.c
index 219d09cbb0d1..f3e36c86b6c3 100644
--- a/drivers/crypto/geode-aes.c
+++ b/drivers/crypto/geode-aes.c
@@ -393,7 +393,8 @@ static struct crypto_alg geode_cbc_alg = {
393 .cra_driver_name = "cbc-aes-geode", 393 .cra_driver_name = "cbc-aes-geode",
394 .cra_priority = 400, 394 .cra_priority = 400,
395 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | 395 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER |
396 CRYPTO_ALG_NEED_FALLBACK, 396 CRYPTO_ALG_KERN_DRIVER_ONLY |
397 CRYPTO_ALG_NEED_FALLBACK,
397 .cra_init = fallback_init_blk, 398 .cra_init = fallback_init_blk,
398 .cra_exit = fallback_exit_blk, 399 .cra_exit = fallback_exit_blk,
399 .cra_blocksize = AES_MIN_BLOCK_SIZE, 400 .cra_blocksize = AES_MIN_BLOCK_SIZE,
@@ -479,7 +480,8 @@ static struct crypto_alg geode_ecb_alg = {
479 .cra_driver_name = "ecb-aes-geode", 480 .cra_driver_name = "ecb-aes-geode",
480 .cra_priority = 400, 481 .cra_priority = 400,
481 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | 482 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER |
482 CRYPTO_ALG_NEED_FALLBACK, 483 CRYPTO_ALG_KERN_DRIVER_ONLY |
484 CRYPTO_ALG_NEED_FALLBACK,
483 .cra_init = fallback_init_blk, 485 .cra_init = fallback_init_blk,
484 .cra_exit = fallback_exit_blk, 486 .cra_exit = fallback_exit_blk,
485 .cra_blocksize = AES_MIN_BLOCK_SIZE, 487 .cra_blocksize = AES_MIN_BLOCK_SIZE,
diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c
index 76368f984023..c9c4befb5a8d 100644
--- a/drivers/crypto/hifn_795x.c
+++ b/drivers/crypto/hifn_795x.c
@@ -2494,7 +2494,8 @@ static int hifn_alg_alloc(struct hifn_device *dev, struct hifn_alg_template *t)
2494 t->drv_name, dev->name); 2494 t->drv_name, dev->name);
2495 2495
2496 alg->alg.cra_priority = 300; 2496 alg->alg.cra_priority = 300;
2497 alg->alg.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC; 2497 alg->alg.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
2498 CRYPTO_ALG_KERN_DRIVER_ONLY | CRYPTO_ALG_ASYNC;
2498 alg->alg.cra_blocksize = t->bsize; 2499 alg->alg.cra_blocksize = t->bsize;
2499 alg->alg.cra_ctxsize = sizeof(struct hifn_context); 2500 alg->alg.cra_ctxsize = sizeof(struct hifn_context);
2500 alg->alg.cra_alignmask = 0; 2501 alg->alg.cra_alignmask = 0;
diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c
index 4c20c5bf6058..0053d7ebb5ca 100644
--- a/drivers/crypto/ixp4xx_crypto.c
+++ b/drivers/crypto/ixp4xx_crypto.c
@@ -265,7 +265,7 @@ static int setup_crypt_desc(void)
265 BUILD_BUG_ON(sizeof(struct crypt_ctl) != 64); 265 BUILD_BUG_ON(sizeof(struct crypt_ctl) != 64);
266 crypt_virt = dma_alloc_coherent(dev, 266 crypt_virt = dma_alloc_coherent(dev,
267 NPE_QLEN * sizeof(struct crypt_ctl), 267 NPE_QLEN * sizeof(struct crypt_ctl),
268 &crypt_phys, GFP_KERNEL); 268 &crypt_phys, GFP_ATOMIC);
269 if (!crypt_virt) 269 if (!crypt_virt)
270 return -ENOMEM; 270 return -ENOMEM;
271 memset(crypt_virt, 0, NPE_QLEN * sizeof(struct crypt_ctl)); 271 memset(crypt_virt, 0, NPE_QLEN * sizeof(struct crypt_ctl));
@@ -1449,6 +1449,7 @@ static int __init ixp_module_init(void)
1449 /* block ciphers */ 1449 /* block ciphers */
1450 cra->cra_type = &crypto_ablkcipher_type; 1450 cra->cra_type = &crypto_ablkcipher_type;
1451 cra->cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 1451 cra->cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
1452 CRYPTO_ALG_KERN_DRIVER_ONLY |
1452 CRYPTO_ALG_ASYNC; 1453 CRYPTO_ALG_ASYNC;
1453 if (!cra->cra_ablkcipher.setkey) 1454 if (!cra->cra_ablkcipher.setkey)
1454 cra->cra_ablkcipher.setkey = ablk_setkey; 1455 cra->cra_ablkcipher.setkey = ablk_setkey;
@@ -1461,6 +1462,7 @@ static int __init ixp_module_init(void)
1461 /* authenc */ 1462 /* authenc */
1462 cra->cra_type = &crypto_aead_type; 1463 cra->cra_type = &crypto_aead_type;
1463 cra->cra_flags = CRYPTO_ALG_TYPE_AEAD | 1464 cra->cra_flags = CRYPTO_ALG_TYPE_AEAD |
1465 CRYPTO_ALG_KERN_DRIVER_ONLY |
1464 CRYPTO_ALG_ASYNC; 1466 CRYPTO_ALG_ASYNC;
1465 cra->cra_aead.setkey = aead_setkey; 1467 cra->cra_aead.setkey = aead_setkey;
1466 cra->cra_aead.setauthsize = aead_setauthsize; 1468 cra->cra_aead.setauthsize = aead_setauthsize;
diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c
index 0d40cf66b3cc..e6ecc5f23943 100644
--- a/drivers/crypto/mv_cesa.c
+++ b/drivers/crypto/mv_cesa.c
@@ -899,7 +899,8 @@ struct crypto_alg mv_aes_alg_ecb = {
899 .cra_name = "ecb(aes)", 899 .cra_name = "ecb(aes)",
900 .cra_driver_name = "mv-ecb-aes", 900 .cra_driver_name = "mv-ecb-aes",
901 .cra_priority = 300, 901 .cra_priority = 300,
902 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 902 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
903 CRYPTO_ALG_KERN_DRIVER_ONLY | CRYPTO_ALG_ASYNC,
903 .cra_blocksize = 16, 904 .cra_blocksize = 16,
904 .cra_ctxsize = sizeof(struct mv_ctx), 905 .cra_ctxsize = sizeof(struct mv_ctx),
905 .cra_alignmask = 0, 906 .cra_alignmask = 0,
@@ -921,7 +922,8 @@ struct crypto_alg mv_aes_alg_cbc = {
921 .cra_name = "cbc(aes)", 922 .cra_name = "cbc(aes)",
922 .cra_driver_name = "mv-cbc-aes", 923 .cra_driver_name = "mv-cbc-aes",
923 .cra_priority = 300, 924 .cra_priority = 300,
924 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 925 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
926 CRYPTO_ALG_KERN_DRIVER_ONLY | CRYPTO_ALG_ASYNC,
925 .cra_blocksize = AES_BLOCK_SIZE, 927 .cra_blocksize = AES_BLOCK_SIZE,
926 .cra_ctxsize = sizeof(struct mv_ctx), 928 .cra_ctxsize = sizeof(struct mv_ctx),
927 .cra_alignmask = 0, 929 .cra_alignmask = 0,
@@ -953,7 +955,8 @@ struct ahash_alg mv_sha1_alg = {
953 .cra_driver_name = "mv-sha1", 955 .cra_driver_name = "mv-sha1",
954 .cra_priority = 300, 956 .cra_priority = 300,
955 .cra_flags = 957 .cra_flags =
956 CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK, 958 CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY |
959 CRYPTO_ALG_NEED_FALLBACK,
957 .cra_blocksize = SHA1_BLOCK_SIZE, 960 .cra_blocksize = SHA1_BLOCK_SIZE,
958 .cra_ctxsize = sizeof(struct mv_tfm_hash_ctx), 961 .cra_ctxsize = sizeof(struct mv_tfm_hash_ctx),
959 .cra_init = mv_cra_hash_sha1_init, 962 .cra_init = mv_cra_hash_sha1_init,
@@ -977,7 +980,8 @@ struct ahash_alg mv_hmac_sha1_alg = {
977 .cra_driver_name = "mv-hmac-sha1", 980 .cra_driver_name = "mv-hmac-sha1",
978 .cra_priority = 300, 981 .cra_priority = 300,
979 .cra_flags = 982 .cra_flags =
980 CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK, 983 CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY |
984 CRYPTO_ALG_NEED_FALLBACK,
981 .cra_blocksize = SHA1_BLOCK_SIZE, 985 .cra_blocksize = SHA1_BLOCK_SIZE,
982 .cra_ctxsize = sizeof(struct mv_tfm_hash_ctx), 986 .cra_ctxsize = sizeof(struct mv_tfm_hash_ctx),
983 .cra_init = mv_cra_hash_hmac_sha1_init, 987 .cra_init = mv_cra_hash_hmac_sha1_init,
diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
index 8944dabc0e3c..67b97c5fd859 100644
--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -1402,7 +1402,8 @@ static int __devinit __n2_register_one_cipher(const struct n2_cipher_tmpl *tmpl)
1402 snprintf(alg->cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name); 1402 snprintf(alg->cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name);
1403 snprintf(alg->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s-n2", tmpl->drv_name); 1403 snprintf(alg->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s-n2", tmpl->drv_name);
1404 alg->cra_priority = N2_CRA_PRIORITY; 1404 alg->cra_priority = N2_CRA_PRIORITY;
1405 alg->cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC; 1405 alg->cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
1406 CRYPTO_ALG_KERN_DRIVER_ONLY | CRYPTO_ALG_ASYNC;
1406 alg->cra_blocksize = tmpl->block_size; 1407 alg->cra_blocksize = tmpl->block_size;
1407 p->enc_type = tmpl->enc_type; 1408 p->enc_type = tmpl->enc_type;
1408 alg->cra_ctxsize = sizeof(struct n2_cipher_context); 1409 alg->cra_ctxsize = sizeof(struct n2_cipher_context);
@@ -1493,7 +1494,9 @@ static int __devinit __n2_register_one_ahash(const struct n2_hash_tmpl *tmpl)
1493 snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name); 1494 snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name);
1494 snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s-n2", tmpl->name); 1495 snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s-n2", tmpl->name);
1495 base->cra_priority = N2_CRA_PRIORITY; 1496 base->cra_priority = N2_CRA_PRIORITY;
1496 base->cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK; 1497 base->cra_flags = CRYPTO_ALG_TYPE_AHASH |
1498 CRYPTO_ALG_KERN_DRIVER_ONLY |
1499 CRYPTO_ALG_NEED_FALLBACK;
1497 base->cra_blocksize = tmpl->block_size; 1500 base->cra_blocksize = tmpl->block_size;
1498 base->cra_ctxsize = sizeof(struct n2_hash_ctx); 1501 base->cra_ctxsize = sizeof(struct n2_hash_ctx);
1499 base->cra_module = THIS_MODULE; 1502 base->cra_module = THIS_MODULE;
diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
index 5b970d9e9956..63e57b57a12c 100644
--- a/drivers/crypto/omap-aes.c
+++ b/drivers/crypto/omap-aes.c
@@ -756,7 +756,9 @@ static struct crypto_alg algs[] = {
756 .cra_name = "ecb(aes)", 756 .cra_name = "ecb(aes)",
757 .cra_driver_name = "ecb-aes-omap", 757 .cra_driver_name = "ecb-aes-omap",
758 .cra_priority = 100, 758 .cra_priority = 100,
759 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 759 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
760 CRYPTO_ALG_KERN_DRIVER_ONLY |
761 CRYPTO_ALG_ASYNC,
760 .cra_blocksize = AES_BLOCK_SIZE, 762 .cra_blocksize = AES_BLOCK_SIZE,
761 .cra_ctxsize = sizeof(struct omap_aes_ctx), 763 .cra_ctxsize = sizeof(struct omap_aes_ctx),
762 .cra_alignmask = 0, 764 .cra_alignmask = 0,
@@ -776,7 +778,9 @@ static struct crypto_alg algs[] = {
776 .cra_name = "cbc(aes)", 778 .cra_name = "cbc(aes)",
777 .cra_driver_name = "cbc-aes-omap", 779 .cra_driver_name = "cbc-aes-omap",
778 .cra_priority = 100, 780 .cra_priority = 100,
779 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 781 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
782 CRYPTO_ALG_KERN_DRIVER_ONLY |
783 CRYPTO_ALG_ASYNC,
780 .cra_blocksize = AES_BLOCK_SIZE, 784 .cra_blocksize = AES_BLOCK_SIZE,
781 .cra_ctxsize = sizeof(struct omap_aes_ctx), 785 .cra_ctxsize = sizeof(struct omap_aes_ctx),
782 .cra_alignmask = 0, 786 .cra_alignmask = 0,
diff --git a/drivers/crypto/omap-sham.c b/drivers/crypto/omap-sham.c
index 6399a8f1938a..a3fd6fc504b1 100644
--- a/drivers/crypto/omap-sham.c
+++ b/drivers/crypto/omap-sham.c
@@ -953,6 +953,7 @@ static struct ahash_alg algs[] = {
953 .cra_driver_name = "omap-sha1", 953 .cra_driver_name = "omap-sha1",
954 .cra_priority = 100, 954 .cra_priority = 100,
955 .cra_flags = CRYPTO_ALG_TYPE_AHASH | 955 .cra_flags = CRYPTO_ALG_TYPE_AHASH |
956 CRYPTO_ALG_KERN_DRIVER_ONLY |
956 CRYPTO_ALG_ASYNC | 957 CRYPTO_ALG_ASYNC |
957 CRYPTO_ALG_NEED_FALLBACK, 958 CRYPTO_ALG_NEED_FALLBACK,
958 .cra_blocksize = SHA1_BLOCK_SIZE, 959 .cra_blocksize = SHA1_BLOCK_SIZE,
@@ -975,6 +976,7 @@ static struct ahash_alg algs[] = {
975 .cra_driver_name = "omap-md5", 976 .cra_driver_name = "omap-md5",
976 .cra_priority = 100, 977 .cra_priority = 100,
977 .cra_flags = CRYPTO_ALG_TYPE_AHASH | 978 .cra_flags = CRYPTO_ALG_TYPE_AHASH |
979 CRYPTO_ALG_KERN_DRIVER_ONLY |
978 CRYPTO_ALG_ASYNC | 980 CRYPTO_ALG_ASYNC |
979 CRYPTO_ALG_NEED_FALLBACK, 981 CRYPTO_ALG_NEED_FALLBACK,
980 .cra_blocksize = SHA1_BLOCK_SIZE, 982 .cra_blocksize = SHA1_BLOCK_SIZE,
@@ -998,6 +1000,7 @@ static struct ahash_alg algs[] = {
998 .cra_driver_name = "omap-hmac-sha1", 1000 .cra_driver_name = "omap-hmac-sha1",
999 .cra_priority = 100, 1001 .cra_priority = 100,
1000 .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1002 .cra_flags = CRYPTO_ALG_TYPE_AHASH |
1003 CRYPTO_ALG_KERN_DRIVER_ONLY |
1001 CRYPTO_ALG_ASYNC | 1004 CRYPTO_ALG_ASYNC |
1002 CRYPTO_ALG_NEED_FALLBACK, 1005 CRYPTO_ALG_NEED_FALLBACK,
1003 .cra_blocksize = SHA1_BLOCK_SIZE, 1006 .cra_blocksize = SHA1_BLOCK_SIZE,
@@ -1022,6 +1025,7 @@ static struct ahash_alg algs[] = {
1022 .cra_driver_name = "omap-hmac-md5", 1025 .cra_driver_name = "omap-hmac-md5",
1023 .cra_priority = 100, 1026 .cra_priority = 100,
1024 .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1027 .cra_flags = CRYPTO_ALG_TYPE_AHASH |
1028 CRYPTO_ALG_KERN_DRIVER_ONLY |
1025 CRYPTO_ALG_ASYNC | 1029 CRYPTO_ALG_ASYNC |
1026 CRYPTO_ALG_NEED_FALLBACK, 1030 CRYPTO_ALG_NEED_FALLBACK,
1027 .cra_blocksize = SHA1_BLOCK_SIZE, 1031 .cra_blocksize = SHA1_BLOCK_SIZE,
diff --git a/drivers/crypto/picoxcell_crypto.c b/drivers/crypto/picoxcell_crypto.c
index 58480d009324..410a03c01ca4 100644
--- a/drivers/crypto/picoxcell_crypto.c
+++ b/drivers/crypto/picoxcell_crypto.c
@@ -1322,6 +1322,7 @@ static struct spacc_alg ipsec_engine_algs[] = {
1322 .cra_driver_name = "cbc-aes-picoxcell", 1322 .cra_driver_name = "cbc-aes-picoxcell",
1323 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1323 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1324 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 1324 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
1325 CRYPTO_ALG_KERN_DRIVER_ONLY |
1325 CRYPTO_ALG_ASYNC | 1326 CRYPTO_ALG_ASYNC |
1326 CRYPTO_ALG_NEED_FALLBACK, 1327 CRYPTO_ALG_NEED_FALLBACK,
1327 .cra_blocksize = AES_BLOCK_SIZE, 1328 .cra_blocksize = AES_BLOCK_SIZE,
@@ -1349,6 +1350,7 @@ static struct spacc_alg ipsec_engine_algs[] = {
1349 .cra_driver_name = "ecb-aes-picoxcell", 1350 .cra_driver_name = "ecb-aes-picoxcell",
1350 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1351 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1351 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 1352 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
1353 CRYPTO_ALG_KERN_DRIVER_ONLY |
1352 CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK, 1354 CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK,
1353 .cra_blocksize = AES_BLOCK_SIZE, 1355 .cra_blocksize = AES_BLOCK_SIZE,
1354 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), 1356 .cra_ctxsize = sizeof(struct spacc_ablk_ctx),
@@ -1373,7 +1375,9 @@ static struct spacc_alg ipsec_engine_algs[] = {
1373 .cra_name = "cbc(des)", 1375 .cra_name = "cbc(des)",
1374 .cra_driver_name = "cbc-des-picoxcell", 1376 .cra_driver_name = "cbc-des-picoxcell",
1375 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1377 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1376 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 1378 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
1379 CRYPTO_ALG_ASYNC |
1380 CRYPTO_ALG_KERN_DRIVER_ONLY,
1377 .cra_blocksize = DES_BLOCK_SIZE, 1381 .cra_blocksize = DES_BLOCK_SIZE,
1378 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), 1382 .cra_ctxsize = sizeof(struct spacc_ablk_ctx),
1379 .cra_type = &crypto_ablkcipher_type, 1383 .cra_type = &crypto_ablkcipher_type,
@@ -1398,7 +1402,9 @@ static struct spacc_alg ipsec_engine_algs[] = {
1398 .cra_name = "ecb(des)", 1402 .cra_name = "ecb(des)",
1399 .cra_driver_name = "ecb-des-picoxcell", 1403 .cra_driver_name = "ecb-des-picoxcell",
1400 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1404 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1401 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 1405 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
1406 CRYPTO_ALG_ASYNC |
1407 CRYPTO_ALG_KERN_DRIVER_ONLY,
1402 .cra_blocksize = DES_BLOCK_SIZE, 1408 .cra_blocksize = DES_BLOCK_SIZE,
1403 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), 1409 .cra_ctxsize = sizeof(struct spacc_ablk_ctx),
1404 .cra_type = &crypto_ablkcipher_type, 1410 .cra_type = &crypto_ablkcipher_type,
@@ -1422,7 +1428,9 @@ static struct spacc_alg ipsec_engine_algs[] = {
1422 .cra_name = "cbc(des3_ede)", 1428 .cra_name = "cbc(des3_ede)",
1423 .cra_driver_name = "cbc-des3-ede-picoxcell", 1429 .cra_driver_name = "cbc-des3-ede-picoxcell",
1424 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1430 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1425 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 1431 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
1432 CRYPTO_ALG_ASYNC |
1433 CRYPTO_ALG_KERN_DRIVER_ONLY,
1426 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1434 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1427 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), 1435 .cra_ctxsize = sizeof(struct spacc_ablk_ctx),
1428 .cra_type = &crypto_ablkcipher_type, 1436 .cra_type = &crypto_ablkcipher_type,
@@ -1447,7 +1455,9 @@ static struct spacc_alg ipsec_engine_algs[] = {
1447 .cra_name = "ecb(des3_ede)", 1455 .cra_name = "ecb(des3_ede)",
1448 .cra_driver_name = "ecb-des3-ede-picoxcell", 1456 .cra_driver_name = "ecb-des3-ede-picoxcell",
1449 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1457 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1450 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 1458 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
1459 CRYPTO_ALG_ASYNC |
1460 CRYPTO_ALG_KERN_DRIVER_ONLY,
1451 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1461 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1452 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), 1462 .cra_ctxsize = sizeof(struct spacc_ablk_ctx),
1453 .cra_type = &crypto_ablkcipher_type, 1463 .cra_type = &crypto_ablkcipher_type,
@@ -1472,7 +1482,9 @@ static struct spacc_alg ipsec_engine_algs[] = {
1472 .cra_name = "authenc(hmac(sha1),cbc(aes))", 1482 .cra_name = "authenc(hmac(sha1),cbc(aes))",
1473 .cra_driver_name = "authenc-hmac-sha1-cbc-aes-picoxcell", 1483 .cra_driver_name = "authenc-hmac-sha1-cbc-aes-picoxcell",
1474 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1484 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1475 .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1485 .cra_flags = CRYPTO_ALG_TYPE_AEAD |
1486 CRYPTO_ALG_ASYNC |
1487 CRYPTO_ALG_KERN_DRIVER_ONLY,
1476 .cra_blocksize = AES_BLOCK_SIZE, 1488 .cra_blocksize = AES_BLOCK_SIZE,
1477 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1489 .cra_ctxsize = sizeof(struct spacc_aead_ctx),
1478 .cra_type = &crypto_aead_type, 1490 .cra_type = &crypto_aead_type,
@@ -1500,7 +1512,9 @@ static struct spacc_alg ipsec_engine_algs[] = {
1500 .cra_name = "authenc(hmac(sha256),cbc(aes))", 1512 .cra_name = "authenc(hmac(sha256),cbc(aes))",
1501 .cra_driver_name = "authenc-hmac-sha256-cbc-aes-picoxcell", 1513 .cra_driver_name = "authenc-hmac-sha256-cbc-aes-picoxcell",
1502 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1514 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1503 .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1515 .cra_flags = CRYPTO_ALG_TYPE_AEAD |
1516 CRYPTO_ALG_ASYNC |
1517 CRYPTO_ALG_KERN_DRIVER_ONLY,
1504 .cra_blocksize = AES_BLOCK_SIZE, 1518 .cra_blocksize = AES_BLOCK_SIZE,
1505 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1519 .cra_ctxsize = sizeof(struct spacc_aead_ctx),
1506 .cra_type = &crypto_aead_type, 1520 .cra_type = &crypto_aead_type,
@@ -1527,7 +1541,9 @@ static struct spacc_alg ipsec_engine_algs[] = {
1527 .cra_name = "authenc(hmac(md5),cbc(aes))", 1541 .cra_name = "authenc(hmac(md5),cbc(aes))",
1528 .cra_driver_name = "authenc-hmac-md5-cbc-aes-picoxcell", 1542 .cra_driver_name = "authenc-hmac-md5-cbc-aes-picoxcell",
1529 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1543 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1530 .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1544 .cra_flags = CRYPTO_ALG_TYPE_AEAD |
1545 CRYPTO_ALG_ASYNC |
1546 CRYPTO_ALG_KERN_DRIVER_ONLY,
1531 .cra_blocksize = AES_BLOCK_SIZE, 1547 .cra_blocksize = AES_BLOCK_SIZE,
1532 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1548 .cra_ctxsize = sizeof(struct spacc_aead_ctx),
1533 .cra_type = &crypto_aead_type, 1549 .cra_type = &crypto_aead_type,
@@ -1554,7 +1570,9 @@ static struct spacc_alg ipsec_engine_algs[] = {
1554 .cra_name = "authenc(hmac(sha1),cbc(des3_ede))", 1570 .cra_name = "authenc(hmac(sha1),cbc(des3_ede))",
1555 .cra_driver_name = "authenc-hmac-sha1-cbc-3des-picoxcell", 1571 .cra_driver_name = "authenc-hmac-sha1-cbc-3des-picoxcell",
1556 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1572 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1557 .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1573 .cra_flags = CRYPTO_ALG_TYPE_AEAD |
1574 CRYPTO_ALG_ASYNC |
1575 CRYPTO_ALG_KERN_DRIVER_ONLY,
1558 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1576 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1559 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1577 .cra_ctxsize = sizeof(struct spacc_aead_ctx),
1560 .cra_type = &crypto_aead_type, 1578 .cra_type = &crypto_aead_type,
@@ -1582,7 +1600,9 @@ static struct spacc_alg ipsec_engine_algs[] = {
1582 .cra_name = "authenc(hmac(sha256),cbc(des3_ede))", 1600 .cra_name = "authenc(hmac(sha256),cbc(des3_ede))",
1583 .cra_driver_name = "authenc-hmac-sha256-cbc-3des-picoxcell", 1601 .cra_driver_name = "authenc-hmac-sha256-cbc-3des-picoxcell",
1584 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1602 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1585 .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1603 .cra_flags = CRYPTO_ALG_TYPE_AEAD |
1604 CRYPTO_ALG_ASYNC |
1605 CRYPTO_ALG_KERN_DRIVER_ONLY,
1586 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1606 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1587 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1607 .cra_ctxsize = sizeof(struct spacc_aead_ctx),
1588 .cra_type = &crypto_aead_type, 1608 .cra_type = &crypto_aead_type,
@@ -1609,7 +1629,9 @@ static struct spacc_alg ipsec_engine_algs[] = {
1609 .cra_name = "authenc(hmac(md5),cbc(des3_ede))", 1629 .cra_name = "authenc(hmac(md5),cbc(des3_ede))",
1610 .cra_driver_name = "authenc-hmac-md5-cbc-3des-picoxcell", 1630 .cra_driver_name = "authenc-hmac-md5-cbc-3des-picoxcell",
1611 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1631 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1612 .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1632 .cra_flags = CRYPTO_ALG_TYPE_AEAD |
1633 CRYPTO_ALG_ASYNC |
1634 CRYPTO_ALG_KERN_DRIVER_ONLY,
1613 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1635 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1614 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1636 .cra_ctxsize = sizeof(struct spacc_aead_ctx),
1615 .cra_type = &crypto_aead_type, 1637 .cra_type = &crypto_aead_type,
@@ -1639,7 +1661,9 @@ static struct spacc_alg l2_engine_algs[] = {
1639 .cra_name = "f8(kasumi)", 1661 .cra_name = "f8(kasumi)",
1640 .cra_driver_name = "f8-kasumi-picoxcell", 1662 .cra_driver_name = "f8-kasumi-picoxcell",
1641 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1663 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY,
1642 .cra_flags = CRYPTO_ALG_TYPE_GIVCIPHER | CRYPTO_ALG_ASYNC, 1664 .cra_flags = CRYPTO_ALG_TYPE_GIVCIPHER |
1665 CRYPTO_ALG_ASYNC |
1666 CRYPTO_ALG_KERN_DRIVER_ONLY,
1643 .cra_blocksize = 8, 1667 .cra_blocksize = 8,
1644 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), 1668 .cra_ctxsize = sizeof(struct spacc_ablk_ctx),
1645 .cra_type = &crypto_ablkcipher_type, 1669 .cra_type = &crypto_ablkcipher_type,
diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c
index 3376bca200fc..bc986f806086 100644
--- a/drivers/crypto/s5p-sss.c
+++ b/drivers/crypto/s5p-sss.c
@@ -518,7 +518,8 @@ static struct crypto_alg algs[] = {
518 .cra_driver_name = "ecb-aes-s5p", 518 .cra_driver_name = "ecb-aes-s5p",
519 .cra_priority = 100, 519 .cra_priority = 100,
520 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 520 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
521 CRYPTO_ALG_ASYNC, 521 CRYPTO_ALG_ASYNC |
522 CRYPTO_ALG_KERN_DRIVER_ONLY,
522 .cra_blocksize = AES_BLOCK_SIZE, 523 .cra_blocksize = AES_BLOCK_SIZE,
523 .cra_ctxsize = sizeof(struct s5p_aes_ctx), 524 .cra_ctxsize = sizeof(struct s5p_aes_ctx),
524 .cra_alignmask = 0x0f, 525 .cra_alignmask = 0x0f,
@@ -538,7 +539,8 @@ static struct crypto_alg algs[] = {
538 .cra_driver_name = "cbc-aes-s5p", 539 .cra_driver_name = "cbc-aes-s5p",
539 .cra_priority = 100, 540 .cra_priority = 100,
540 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 541 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
541 CRYPTO_ALG_ASYNC, 542 CRYPTO_ALG_ASYNC |
543 CRYPTO_ALG_KERN_DRIVER_ONLY,
542 .cra_blocksize = AES_BLOCK_SIZE, 544 .cra_blocksize = AES_BLOCK_SIZE,
543 .cra_ctxsize = sizeof(struct s5p_aes_ctx), 545 .cra_ctxsize = sizeof(struct s5p_aes_ctx),
544 .cra_alignmask = 0x0f, 546 .cra_alignmask = 0x0f,
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 2d8c78901686..dc641c796526 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -2648,6 +2648,7 @@ static struct talitos_crypto_alg *talitos_alg_alloc(struct device *dev,
2648 alg->cra_priority = TALITOS_CRA_PRIORITY; 2648 alg->cra_priority = TALITOS_CRA_PRIORITY;
2649 alg->cra_alignmask = 0; 2649 alg->cra_alignmask = 0;
2650 alg->cra_ctxsize = sizeof(struct talitos_ctx); 2650 alg->cra_ctxsize = sizeof(struct talitos_ctx);
2651 alg->cra_flags |= CRYPTO_ALG_KERN_DRIVER_ONLY;
2651 2652
2652 t_alg->dev = dev; 2653 t_alg->dev = dev;
2653 2654
diff --git a/drivers/crypto/tegra-aes.c b/drivers/crypto/tegra-aes.c
new file mode 100644
index 000000000000..422a9766c7c9
--- /dev/null
+++ b/drivers/crypto/tegra-aes.c
@@ -0,0 +1,1096 @@
1/*
2 * drivers/crypto/tegra-aes.c
3 *
4 * Driver for NVIDIA Tegra AES hardware engine residing inside the
5 * Bit Stream Engine for Video (BSEV) hardware block.
6 *
7 * The programming sequence for this engine is with the help
8 * of commands which travel via a command queue residing between the
9 * CPU and the BSEV block. The BSEV engine has an internal RAM (VRAM)
10 * where the final input plaintext, keys and the IV have to be copied
11 * before starting the encrypt/decrypt operation.
12 *
13 * Copyright (c) 2010, NVIDIA Corporation.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful, but WITHOUT
21 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
22 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
23 * more details.
24 *
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
28 */
29
30#include <linux/module.h>
31#include <linux/init.h>
32#include <linux/errno.h>
33#include <linux/kernel.h>
34#include <linux/clk.h>
35#include <linux/platform_device.h>
36#include <linux/scatterlist.h>
37#include <linux/dma-mapping.h>
38#include <linux/io.h>
39#include <linux/mutex.h>
40#include <linux/interrupt.h>
41#include <linux/completion.h>
42#include <linux/workqueue.h>
43
44#include <mach/clk.h>
45
46#include <crypto/scatterwalk.h>
47#include <crypto/aes.h>
48#include <crypto/internal/rng.h>
49
50#include "tegra-aes.h"
51
52#define FLAGS_MODE_MASK 0x00FF
53#define FLAGS_ENCRYPT BIT(0)
54#define FLAGS_CBC BIT(1)
55#define FLAGS_GIV BIT(2)
56#define FLAGS_RNG BIT(3)
57#define FLAGS_OFB BIT(4)
58#define FLAGS_NEW_KEY BIT(5)
59#define FLAGS_NEW_IV BIT(6)
60#define FLAGS_INIT BIT(7)
61#define FLAGS_FAST BIT(8)
62#define FLAGS_BUSY 9
63
64/*
65 * Defines AES engine Max process bytes size in one go, which takes 1 msec.
66 * AES engine spends about 176 cycles/16-bytes or 11 cycles/byte
67 * The duration CPU can use the BSE to 1 msec, then the number of available
68 * cycles of AVP/BSE is 216K. In this duration, AES can process 216/11 ~= 19KB
69 * Based on this AES_HW_DMA_BUFFER_SIZE_BYTES is configured to 16KB.
70 */
71#define AES_HW_DMA_BUFFER_SIZE_BYTES 0x4000
72
73/*
74 * The key table length is 64 bytes
75 * (This includes first upto 32 bytes key + 16 bytes original initial vector
76 * and 16 bytes updated initial vector)
77 */
78#define AES_HW_KEY_TABLE_LENGTH_BYTES 64
79
80/*
81 * The memory being used is divides as follows:
82 * 1. Key - 32 bytes
83 * 2. Original IV - 16 bytes
84 * 3. Updated IV - 16 bytes
85 * 4. Key schedule - 256 bytes
86 *
87 * 1+2+3 constitute the hw key table.
88 */
89#define AES_HW_IV_SIZE 16
90#define AES_HW_KEYSCHEDULE_LEN 256
91#define AES_IVKEY_SIZE (AES_HW_KEY_TABLE_LENGTH_BYTES + AES_HW_KEYSCHEDULE_LEN)
92
93/* Define commands required for AES operation */
94enum {
95 CMD_BLKSTARTENGINE = 0x0E,
96 CMD_DMASETUP = 0x10,
97 CMD_DMACOMPLETE = 0x11,
98 CMD_SETTABLE = 0x15,
99 CMD_MEMDMAVD = 0x22,
100};
101
102/* Define sub-commands */
103enum {
104 SUBCMD_VRAM_SEL = 0x1,
105 SUBCMD_CRYPTO_TABLE_SEL = 0x3,
106 SUBCMD_KEY_TABLE_SEL = 0x8,
107};
108
109/* memdma_vd command */
110#define MEMDMA_DIR_DTOVRAM 0 /* sdram -> vram */
111#define MEMDMA_DIR_VTODRAM 1 /* vram -> sdram */
112#define MEMDMA_DIR_SHIFT 25
113#define MEMDMA_NUM_WORDS_SHIFT 12
114
115/* command queue bit shifts */
116enum {
117 CMDQ_KEYTABLEADDR_SHIFT = 0,
118 CMDQ_KEYTABLEID_SHIFT = 17,
119 CMDQ_VRAMSEL_SHIFT = 23,
120 CMDQ_TABLESEL_SHIFT = 24,
121 CMDQ_OPCODE_SHIFT = 26,
122};
123
124/*
125 * The secure key slot contains a unique secure key generated
126 * and loaded by the bootloader. This slot is marked as non-accessible
127 * to the kernel.
128 */
129#define SSK_SLOT_NUM 4
130
131#define AES_NR_KEYSLOTS 8
132#define TEGRA_AES_QUEUE_LENGTH 50
133#define DEFAULT_RNG_BLK_SZ 16
134
135/* The command queue depth */
136#define AES_HW_MAX_ICQ_LENGTH 5
137
138struct tegra_aes_slot {
139 struct list_head node;
140 int slot_num;
141};
142
143static struct tegra_aes_slot ssk = {
144 .slot_num = SSK_SLOT_NUM,
145};
146
147struct tegra_aes_reqctx {
148 unsigned long mode;
149};
150
151struct tegra_aes_dev {
152 struct device *dev;
153 void __iomem *io_base;
154 dma_addr_t ivkey_phys_base;
155 void __iomem *ivkey_base;
156 struct clk *aes_clk;
157 struct tegra_aes_ctx *ctx;
158 int irq;
159 unsigned long flags;
160 struct completion op_complete;
161 u32 *buf_in;
162 dma_addr_t dma_buf_in;
163 u32 *buf_out;
164 dma_addr_t dma_buf_out;
165 u8 *iv;
166 u8 dt[DEFAULT_RNG_BLK_SZ];
167 int ivlen;
168 u64 ctr;
169 spinlock_t lock;
170 struct crypto_queue queue;
171 struct tegra_aes_slot *slots;
172 struct ablkcipher_request *req;
173 size_t total;
174 struct scatterlist *in_sg;
175 size_t in_offset;
176 struct scatterlist *out_sg;
177 size_t out_offset;
178};
179
180static struct tegra_aes_dev *aes_dev;
181
182struct tegra_aes_ctx {
183 struct tegra_aes_dev *dd;
184 unsigned long flags;
185 struct tegra_aes_slot *slot;
186 u8 key[AES_MAX_KEY_SIZE];
187 size_t keylen;
188};
189
190static struct tegra_aes_ctx rng_ctx = {
191 .flags = FLAGS_NEW_KEY,
192 .keylen = AES_KEYSIZE_128,
193};
194
195/* keep registered devices data here */
196static struct list_head dev_list;
197static DEFINE_SPINLOCK(list_lock);
198static DEFINE_MUTEX(aes_lock);
199
200static void aes_workqueue_handler(struct work_struct *work);
201static DECLARE_WORK(aes_work, aes_workqueue_handler);
202static struct workqueue_struct *aes_wq;
203
204extern unsigned long long tegra_chip_uid(void);
205
206static inline u32 aes_readl(struct tegra_aes_dev *dd, u32 offset)
207{
208 return readl(dd->io_base + offset);
209}
210
211static inline void aes_writel(struct tegra_aes_dev *dd, u32 val, u32 offset)
212{
213 writel(val, dd->io_base + offset);
214}
215
216static int aes_start_crypt(struct tegra_aes_dev *dd, u32 in_addr, u32 out_addr,
217 int nblocks, int mode, bool upd_iv)
218{
219 u32 cmdq[AES_HW_MAX_ICQ_LENGTH];
220 int i, eng_busy, icq_empty, ret;
221 u32 value;
222
223 /* reset all the interrupt bits */
224 aes_writel(dd, 0xFFFFFFFF, TEGRA_AES_INTR_STATUS);
225
226 /* enable error, dma xfer complete interrupts */
227 aes_writel(dd, 0x33, TEGRA_AES_INT_ENB);
228
229 cmdq[0] = CMD_DMASETUP << CMDQ_OPCODE_SHIFT;
230 cmdq[1] = in_addr;
231 cmdq[2] = CMD_BLKSTARTENGINE << CMDQ_OPCODE_SHIFT | (nblocks-1);
232 cmdq[3] = CMD_DMACOMPLETE << CMDQ_OPCODE_SHIFT;
233
234 value = aes_readl(dd, TEGRA_AES_CMDQUE_CONTROL);
235 /* access SDRAM through AHB */
236 value &= ~TEGRA_AES_CMDQ_CTRL_SRC_STM_SEL_FIELD;
237 value &= ~TEGRA_AES_CMDQ_CTRL_DST_STM_SEL_FIELD;
238 value |= TEGRA_AES_CMDQ_CTRL_SRC_STM_SEL_FIELD |
239 TEGRA_AES_CMDQ_CTRL_DST_STM_SEL_FIELD |
240 TEGRA_AES_CMDQ_CTRL_ICMDQEN_FIELD;
241 aes_writel(dd, value, TEGRA_AES_CMDQUE_CONTROL);
242 dev_dbg(dd->dev, "cmd_q_ctrl=0x%x", value);
243
244 value = (0x1 << TEGRA_AES_SECURE_INPUT_ALG_SEL_SHIFT) |
245 ((dd->ctx->keylen * 8) <<
246 TEGRA_AES_SECURE_INPUT_KEY_LEN_SHIFT) |
247 ((u32)upd_iv << TEGRA_AES_SECURE_IV_SELECT_SHIFT);
248
249 if (mode & FLAGS_CBC) {
250 value |= ((((mode & FLAGS_ENCRYPT) ? 2 : 3)
251 << TEGRA_AES_SECURE_XOR_POS_SHIFT) |
252 (((mode & FLAGS_ENCRYPT) ? 2 : 3)
253 << TEGRA_AES_SECURE_VCTRAM_SEL_SHIFT) |
254 ((mode & FLAGS_ENCRYPT) ? 1 : 0)
255 << TEGRA_AES_SECURE_CORE_SEL_SHIFT);
256 } else if (mode & FLAGS_OFB) {
257 value |= ((TEGRA_AES_SECURE_XOR_POS_FIELD) |
258 (2 << TEGRA_AES_SECURE_INPUT_SEL_SHIFT) |
259 (TEGRA_AES_SECURE_CORE_SEL_FIELD));
260 } else if (mode & FLAGS_RNG) {
261 value |= (((mode & FLAGS_ENCRYPT) ? 1 : 0)
262 << TEGRA_AES_SECURE_CORE_SEL_SHIFT |
263 TEGRA_AES_SECURE_RNG_ENB_FIELD);
264 } else {
265 value |= (((mode & FLAGS_ENCRYPT) ? 1 : 0)
266 << TEGRA_AES_SECURE_CORE_SEL_SHIFT);
267 }
268
269 dev_dbg(dd->dev, "secure_in_sel=0x%x", value);
270 aes_writel(dd, value, TEGRA_AES_SECURE_INPUT_SELECT);
271
272 aes_writel(dd, out_addr, TEGRA_AES_SECURE_DEST_ADDR);
273 INIT_COMPLETION(dd->op_complete);
274
275 for (i = 0; i < AES_HW_MAX_ICQ_LENGTH - 1; i++) {
276 do {
277 value = aes_readl(dd, TEGRA_AES_INTR_STATUS);
278 eng_busy = value & TEGRA_AES_ENGINE_BUSY_FIELD;
279 icq_empty = value & TEGRA_AES_ICQ_EMPTY_FIELD;
280 } while (eng_busy & (!icq_empty));
281 aes_writel(dd, cmdq[i], TEGRA_AES_ICMDQUE_WR);
282 }
283
284 ret = wait_for_completion_timeout(&dd->op_complete,
285 msecs_to_jiffies(150));
286 if (ret == 0) {
287 dev_err(dd->dev, "timed out (0x%x)\n",
288 aes_readl(dd, TEGRA_AES_INTR_STATUS));
289 return -ETIMEDOUT;
290 }
291
292 aes_writel(dd, cmdq[AES_HW_MAX_ICQ_LENGTH - 1], TEGRA_AES_ICMDQUE_WR);
293 return 0;
294}
295
296static void aes_release_key_slot(struct tegra_aes_slot *slot)
297{
298 if (slot->slot_num == SSK_SLOT_NUM)
299 return;
300
301 spin_lock(&list_lock);
302 list_add_tail(&slot->node, &dev_list);
303 slot = NULL;
304 spin_unlock(&list_lock);
305}
306
307static struct tegra_aes_slot *aes_find_key_slot(void)
308{
309 struct tegra_aes_slot *slot = NULL;
310 struct list_head *new_head;
311 int empty;
312
313 spin_lock(&list_lock);
314 empty = list_empty(&dev_list);
315 if (!empty) {
316 slot = list_entry(&dev_list, struct tegra_aes_slot, node);
317 new_head = dev_list.next;
318 list_del(&dev_list);
319 dev_list.next = new_head->next;
320 dev_list.prev = NULL;
321 }
322 spin_unlock(&list_lock);
323
324 return slot;
325}
326
327static int aes_set_key(struct tegra_aes_dev *dd)
328{
329 u32 value, cmdq[2];
330 struct tegra_aes_ctx *ctx = dd->ctx;
331 int eng_busy, icq_empty, dma_busy;
332 bool use_ssk = false;
333
334 /* use ssk? */
335 if (!dd->ctx->slot) {
336 dev_dbg(dd->dev, "using ssk");
337 dd->ctx->slot = &ssk;
338 use_ssk = true;
339 }
340
341 /* enable key schedule generation in hardware */
342 value = aes_readl(dd, TEGRA_AES_SECURE_CONFIG_EXT);
343 value &= ~TEGRA_AES_SECURE_KEY_SCH_DIS_FIELD;
344 aes_writel(dd, value, TEGRA_AES_SECURE_CONFIG_EXT);
345
346 /* select the key slot */
347 value = aes_readl(dd, TEGRA_AES_SECURE_CONFIG);
348 value &= ~TEGRA_AES_SECURE_KEY_INDEX_FIELD;
349 value |= (ctx->slot->slot_num << TEGRA_AES_SECURE_KEY_INDEX_SHIFT);
350 aes_writel(dd, value, TEGRA_AES_SECURE_CONFIG);
351
352 if (use_ssk)
353 return 0;
354
355 /* copy the key table from sdram to vram */
356 cmdq[0] = CMD_MEMDMAVD << CMDQ_OPCODE_SHIFT |
357 MEMDMA_DIR_DTOVRAM << MEMDMA_DIR_SHIFT |
358 AES_HW_KEY_TABLE_LENGTH_BYTES / sizeof(u32) <<
359 MEMDMA_NUM_WORDS_SHIFT;
360 cmdq[1] = (u32)dd->ivkey_phys_base;
361
362 aes_writel(dd, cmdq[0], TEGRA_AES_ICMDQUE_WR);
363 aes_writel(dd, cmdq[1], TEGRA_AES_ICMDQUE_WR);
364
365 do {
366 value = aes_readl(dd, TEGRA_AES_INTR_STATUS);
367 eng_busy = value & TEGRA_AES_ENGINE_BUSY_FIELD;
368 icq_empty = value & TEGRA_AES_ICQ_EMPTY_FIELD;
369 dma_busy = value & TEGRA_AES_DMA_BUSY_FIELD;
370 } while (eng_busy & (!icq_empty) & dma_busy);
371
372 /* settable command to get key into internal registers */
373 value = CMD_SETTABLE << CMDQ_OPCODE_SHIFT |
374 SUBCMD_CRYPTO_TABLE_SEL << CMDQ_TABLESEL_SHIFT |
375 SUBCMD_VRAM_SEL << CMDQ_VRAMSEL_SHIFT |
376 (SUBCMD_KEY_TABLE_SEL | ctx->slot->slot_num) <<
377 CMDQ_KEYTABLEID_SHIFT;
378 aes_writel(dd, value, TEGRA_AES_ICMDQUE_WR);
379
380 do {
381 value = aes_readl(dd, TEGRA_AES_INTR_STATUS);
382 eng_busy = value & TEGRA_AES_ENGINE_BUSY_FIELD;
383 icq_empty = value & TEGRA_AES_ICQ_EMPTY_FIELD;
384 } while (eng_busy & (!icq_empty));
385
386 return 0;
387}
388
389static int tegra_aes_handle_req(struct tegra_aes_dev *dd)
390{
391 struct crypto_async_request *async_req, *backlog;
392 struct crypto_ablkcipher *tfm;
393 struct tegra_aes_ctx *ctx;
394 struct tegra_aes_reqctx *rctx;
395 struct ablkcipher_request *req;
396 unsigned long flags;
397 int dma_max = AES_HW_DMA_BUFFER_SIZE_BYTES;
398 int ret = 0, nblocks, total;
399 int count = 0;
400 dma_addr_t addr_in, addr_out;
401 struct scatterlist *in_sg, *out_sg;
402
403 if (!dd)
404 return -EINVAL;
405
406 spin_lock_irqsave(&dd->lock, flags);
407 backlog = crypto_get_backlog(&dd->queue);
408 async_req = crypto_dequeue_request(&dd->queue);
409 if (!async_req)
410 clear_bit(FLAGS_BUSY, &dd->flags);
411 spin_unlock_irqrestore(&dd->lock, flags);
412
413 if (!async_req)
414 return -ENODATA;
415
416 if (backlog)
417 backlog->complete(backlog, -EINPROGRESS);
418
419 req = ablkcipher_request_cast(async_req);
420
421 dev_dbg(dd->dev, "%s: get new req\n", __func__);
422
423 if (!req->src || !req->dst)
424 return -EINVAL;
425
426 /* take mutex to access the aes hw */
427 mutex_lock(&aes_lock);
428
429 /* assign new request to device */
430 dd->req = req;
431 dd->total = req->nbytes;
432 dd->in_offset = 0;
433 dd->in_sg = req->src;
434 dd->out_offset = 0;
435 dd->out_sg = req->dst;
436
437 in_sg = dd->in_sg;
438 out_sg = dd->out_sg;
439
440 total = dd->total;
441
442 tfm = crypto_ablkcipher_reqtfm(req);
443 rctx = ablkcipher_request_ctx(req);
444 ctx = crypto_ablkcipher_ctx(tfm);
445 rctx->mode &= FLAGS_MODE_MASK;
446 dd->flags = (dd->flags & ~FLAGS_MODE_MASK) | rctx->mode;
447
448 dd->iv = (u8 *)req->info;
449 dd->ivlen = crypto_ablkcipher_ivsize(tfm);
450
451 /* assign new context to device */
452 ctx->dd = dd;
453 dd->ctx = ctx;
454
455 if (ctx->flags & FLAGS_NEW_KEY) {
456 /* copy the key */
457 memcpy(dd->ivkey_base, ctx->key, ctx->keylen);
458 memset(dd->ivkey_base + ctx->keylen, 0, AES_HW_KEY_TABLE_LENGTH_BYTES - ctx->keylen);
459 aes_set_key(dd);
460 ctx->flags &= ~FLAGS_NEW_KEY;
461 }
462
463 if (((dd->flags & FLAGS_CBC) || (dd->flags & FLAGS_OFB)) && dd->iv) {
464 /* set iv to the aes hw slot
465 * Hw generates updated iv only after iv is set in slot.
466 * So key and iv is passed asynchronously.
467 */
468 memcpy(dd->buf_in, dd->iv, dd->ivlen);
469
470 ret = aes_start_crypt(dd, (u32)dd->dma_buf_in,
471 dd->dma_buf_out, 1, FLAGS_CBC, false);
472 if (ret < 0) {
473 dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret);
474 goto out;
475 }
476 }
477
478 while (total) {
479 dev_dbg(dd->dev, "remain: %d\n", total);
480 ret = dma_map_sg(dd->dev, in_sg, 1, DMA_TO_DEVICE);
481 if (!ret) {
482 dev_err(dd->dev, "dma_map_sg() error\n");
483 goto out;
484 }
485
486 ret = dma_map_sg(dd->dev, out_sg, 1, DMA_FROM_DEVICE);
487 if (!ret) {
488 dev_err(dd->dev, "dma_map_sg() error\n");
489 dma_unmap_sg(dd->dev, dd->in_sg,
490 1, DMA_TO_DEVICE);
491 goto out;
492 }
493
494 addr_in = sg_dma_address(in_sg);
495 addr_out = sg_dma_address(out_sg);
496 dd->flags |= FLAGS_FAST;
497 count = min_t(int, sg_dma_len(in_sg), dma_max);
498 WARN_ON(sg_dma_len(in_sg) != sg_dma_len(out_sg));
499 nblocks = DIV_ROUND_UP(count, AES_BLOCK_SIZE);
500
501 ret = aes_start_crypt(dd, addr_in, addr_out, nblocks,
502 dd->flags, true);
503
504 dma_unmap_sg(dd->dev, out_sg, 1, DMA_FROM_DEVICE);
505 dma_unmap_sg(dd->dev, in_sg, 1, DMA_TO_DEVICE);
506
507 if (ret < 0) {
508 dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret);
509 goto out;
510 }
511 dd->flags &= ~FLAGS_FAST;
512
513 dev_dbg(dd->dev, "out: copied %d\n", count);
514 total -= count;
515 in_sg = sg_next(in_sg);
516 out_sg = sg_next(out_sg);
517 WARN_ON(((total != 0) && (!in_sg || !out_sg)));
518 }
519
520out:
521 mutex_unlock(&aes_lock);
522
523 dd->total = total;
524
525 if (dd->req->base.complete)
526 dd->req->base.complete(&dd->req->base, ret);
527
528 dev_dbg(dd->dev, "%s: exit\n", __func__);
529 return ret;
530}
531
532static int tegra_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
533 unsigned int keylen)
534{
535 struct tegra_aes_ctx *ctx = crypto_ablkcipher_ctx(tfm);
536 struct tegra_aes_dev *dd = aes_dev;
537 struct tegra_aes_slot *key_slot;
538
539 if ((keylen != AES_KEYSIZE_128) && (keylen != AES_KEYSIZE_192) &&
540 (keylen != AES_KEYSIZE_256)) {
541 dev_err(dd->dev, "unsupported key size\n");
542 crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
543 return -EINVAL;
544 }
545
546 dev_dbg(dd->dev, "keylen: %d\n", keylen);
547
548 ctx->dd = dd;
549
550 if (key) {
551 if (!ctx->slot) {
552 key_slot = aes_find_key_slot();
553 if (!key_slot) {
554 dev_err(dd->dev, "no empty slot\n");
555 return -ENOMEM;
556 }
557
558 ctx->slot = key_slot;
559 }
560
561 memcpy(ctx->key, key, keylen);
562 ctx->keylen = keylen;
563 }
564
565 ctx->flags |= FLAGS_NEW_KEY;
566 dev_dbg(dd->dev, "done\n");
567 return 0;
568}
569
570static void aes_workqueue_handler(struct work_struct *work)
571{
572 struct tegra_aes_dev *dd = aes_dev;
573 int ret;
574
575 ret = clk_enable(dd->aes_clk);
576 if (ret)
577 BUG_ON("clock enable failed");
578
579 /* empty the crypto queue and then return */
580 do {
581 ret = tegra_aes_handle_req(dd);
582 } while (!ret);
583
584 clk_disable(dd->aes_clk);
585}
586
587static irqreturn_t aes_irq(int irq, void *dev_id)
588{
589 struct tegra_aes_dev *dd = (struct tegra_aes_dev *)dev_id;
590 u32 value = aes_readl(dd, TEGRA_AES_INTR_STATUS);
591 int busy = test_bit(FLAGS_BUSY, &dd->flags);
592
593 if (!busy) {
594 dev_dbg(dd->dev, "spurious interrupt\n");
595 return IRQ_NONE;
596 }
597
598 dev_dbg(dd->dev, "irq_stat: 0x%x\n", value);
599 if (value & TEGRA_AES_INT_ERROR_MASK)
600 aes_writel(dd, TEGRA_AES_INT_ERROR_MASK, TEGRA_AES_INTR_STATUS);
601
602 if (!(value & TEGRA_AES_ENGINE_BUSY_FIELD))
603 complete(&dd->op_complete);
604 else
605 return IRQ_NONE;
606
607 return IRQ_HANDLED;
608}
609
610static int tegra_aes_crypt(struct ablkcipher_request *req, unsigned long mode)
611{
612 struct tegra_aes_reqctx *rctx = ablkcipher_request_ctx(req);
613 struct tegra_aes_dev *dd = aes_dev;
614 unsigned long flags;
615 int err = 0;
616 int busy;
617
618 dev_dbg(dd->dev, "nbytes: %d, enc: %d, cbc: %d, ofb: %d\n",
619 req->nbytes, !!(mode & FLAGS_ENCRYPT),
620 !!(mode & FLAGS_CBC), !!(mode & FLAGS_OFB));
621
622 rctx->mode = mode;
623
624 spin_lock_irqsave(&dd->lock, flags);
625 err = ablkcipher_enqueue_request(&dd->queue, req);
626 busy = test_and_set_bit(FLAGS_BUSY, &dd->flags);
627 spin_unlock_irqrestore(&dd->lock, flags);
628
629 if (!busy)
630 queue_work(aes_wq, &aes_work);
631
632 return err;
633}
634
635static int tegra_aes_ecb_encrypt(struct ablkcipher_request *req)
636{
637 return tegra_aes_crypt(req, FLAGS_ENCRYPT);
638}
639
640static int tegra_aes_ecb_decrypt(struct ablkcipher_request *req)
641{
642 return tegra_aes_crypt(req, 0);
643}
644
645static int tegra_aes_cbc_encrypt(struct ablkcipher_request *req)
646{
647 return tegra_aes_crypt(req, FLAGS_ENCRYPT | FLAGS_CBC);
648}
649
650static int tegra_aes_cbc_decrypt(struct ablkcipher_request *req)
651{
652 return tegra_aes_crypt(req, FLAGS_CBC);
653}
654
655static int tegra_aes_ofb_encrypt(struct ablkcipher_request *req)
656{
657 return tegra_aes_crypt(req, FLAGS_ENCRYPT | FLAGS_OFB);
658}
659
660static int tegra_aes_ofb_decrypt(struct ablkcipher_request *req)
661{
662 return tegra_aes_crypt(req, FLAGS_OFB);
663}
664
665static int tegra_aes_get_random(struct crypto_rng *tfm, u8 *rdata,
666 unsigned int dlen)
667{
668 struct tegra_aes_dev *dd = aes_dev;
669 struct tegra_aes_ctx *ctx = &rng_ctx;
670 int ret, i;
671 u8 *dest = rdata, *dt = dd->dt;
672
673 /* take mutex to access the aes hw */
674 mutex_lock(&aes_lock);
675
676 ret = clk_enable(dd->aes_clk);
677 if (ret)
678 return ret;
679
680 ctx->dd = dd;
681 dd->ctx = ctx;
682 dd->flags = FLAGS_ENCRYPT | FLAGS_RNG;
683
684 memcpy(dd->buf_in, dt, DEFAULT_RNG_BLK_SZ);
685
686 ret = aes_start_crypt(dd, (u32)dd->dma_buf_in,
687 (u32)dd->dma_buf_out, 1, dd->flags, true);
688 if (ret < 0) {
689 dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret);
690 dlen = ret;
691 goto out;
692 }
693 memcpy(dest, dd->buf_out, dlen);
694
695 /* update the DT */
696 for (i = DEFAULT_RNG_BLK_SZ - 1; i >= 0; i--) {
697 dt[i] += 1;
698 if (dt[i] != 0)
699 break;
700 }
701
702out:
703 clk_disable(dd->aes_clk);
704 mutex_unlock(&aes_lock);
705
706 dev_dbg(dd->dev, "%s: done\n", __func__);
707 return dlen;
708}
709
710static int tegra_aes_rng_reset(struct crypto_rng *tfm, u8 *seed,
711 unsigned int slen)
712{
713 struct tegra_aes_dev *dd = aes_dev;
714 struct tegra_aes_ctx *ctx = &rng_ctx;
715 struct tegra_aes_slot *key_slot;
716 struct timespec ts;
717 int ret = 0;
718 u64 nsec, tmp[2];
719 u8 *dt;
720
721 if (!ctx || !dd) {
722 dev_err(dd->dev, "ctx=0x%x, dd=0x%x\n",
723 (unsigned int)ctx, (unsigned int)dd);
724 return -EINVAL;
725 }
726
727 if (slen < (DEFAULT_RNG_BLK_SZ + AES_KEYSIZE_128)) {
728 dev_err(dd->dev, "seed size invalid");
729 return -ENOMEM;
730 }
731
732 /* take mutex to access the aes hw */
733 mutex_lock(&aes_lock);
734
735 if (!ctx->slot) {
736 key_slot = aes_find_key_slot();
737 if (!key_slot) {
738 dev_err(dd->dev, "no empty slot\n");
739 mutex_unlock(&aes_lock);
740 return -ENOMEM;
741 }
742 ctx->slot = key_slot;
743 }
744
745 ctx->dd = dd;
746 dd->ctx = ctx;
747 dd->ctr = 0;
748
749 ctx->keylen = AES_KEYSIZE_128;
750 ctx->flags |= FLAGS_NEW_KEY;
751
752 /* copy the key to the key slot */
753 memcpy(dd->ivkey_base, seed + DEFAULT_RNG_BLK_SZ, AES_KEYSIZE_128);
754 memset(dd->ivkey_base + AES_KEYSIZE_128, 0, AES_HW_KEY_TABLE_LENGTH_BYTES - AES_KEYSIZE_128);
755
756 dd->iv = seed;
757 dd->ivlen = slen;
758
759 dd->flags = FLAGS_ENCRYPT | FLAGS_RNG;
760
761 ret = clk_enable(dd->aes_clk);
762 if (ret)
763 return ret;
764
765 aes_set_key(dd);
766
767 /* set seed to the aes hw slot */
768 memcpy(dd->buf_in, dd->iv, DEFAULT_RNG_BLK_SZ);
769 ret = aes_start_crypt(dd, (u32)dd->dma_buf_in,
770 dd->dma_buf_out, 1, FLAGS_CBC, false);
771 if (ret < 0) {
772 dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret);
773 goto out;
774 }
775
776 if (dd->ivlen >= (2 * DEFAULT_RNG_BLK_SZ + AES_KEYSIZE_128)) {
777 dt = dd->iv + DEFAULT_RNG_BLK_SZ + AES_KEYSIZE_128;
778 } else {
779 getnstimeofday(&ts);
780 nsec = timespec_to_ns(&ts);
781 do_div(nsec, 1000);
782 nsec ^= dd->ctr << 56;
783 dd->ctr++;
784 tmp[0] = nsec;
785 tmp[1] = tegra_chip_uid();
786 dt = (u8 *)tmp;
787 }
788 memcpy(dd->dt, dt, DEFAULT_RNG_BLK_SZ);
789
790out:
791 clk_disable(dd->aes_clk);
792 mutex_unlock(&aes_lock);
793
794 dev_dbg(dd->dev, "%s: done\n", __func__);
795 return ret;
796}
797
798static int tegra_aes_cra_init(struct crypto_tfm *tfm)
799{
800 tfm->crt_ablkcipher.reqsize = sizeof(struct tegra_aes_reqctx);
801
802 return 0;
803}
804
805void tegra_aes_cra_exit(struct crypto_tfm *tfm)
806{
807 struct tegra_aes_ctx *ctx =
808 crypto_ablkcipher_ctx((struct crypto_ablkcipher *)tfm);
809
810 if (ctx && ctx->slot)
811 aes_release_key_slot(ctx->slot);
812}
813
814static struct crypto_alg algs[] = {
815 {
816 .cra_name = "ecb(aes)",
817 .cra_driver_name = "ecb-aes-tegra",
818 .cra_priority = 300,
819 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
820 .cra_blocksize = AES_BLOCK_SIZE,
821 .cra_alignmask = 3,
822 .cra_type = &crypto_ablkcipher_type,
823 .cra_u.ablkcipher = {
824 .min_keysize = AES_MIN_KEY_SIZE,
825 .max_keysize = AES_MAX_KEY_SIZE,
826 .setkey = tegra_aes_setkey,
827 .encrypt = tegra_aes_ecb_encrypt,
828 .decrypt = tegra_aes_ecb_decrypt,
829 },
830 }, {
831 .cra_name = "cbc(aes)",
832 .cra_driver_name = "cbc-aes-tegra",
833 .cra_priority = 300,
834 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
835 .cra_blocksize = AES_BLOCK_SIZE,
836 .cra_alignmask = 3,
837 .cra_type = &crypto_ablkcipher_type,
838 .cra_u.ablkcipher = {
839 .min_keysize = AES_MIN_KEY_SIZE,
840 .max_keysize = AES_MAX_KEY_SIZE,
841 .ivsize = AES_MIN_KEY_SIZE,
842 .setkey = tegra_aes_setkey,
843 .encrypt = tegra_aes_cbc_encrypt,
844 .decrypt = tegra_aes_cbc_decrypt,
845 }
846 }, {
847 .cra_name = "ofb(aes)",
848 .cra_driver_name = "ofb-aes-tegra",
849 .cra_priority = 300,
850 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
851 .cra_blocksize = AES_BLOCK_SIZE,
852 .cra_alignmask = 3,
853 .cra_type = &crypto_ablkcipher_type,
854 .cra_u.ablkcipher = {
855 .min_keysize = AES_MIN_KEY_SIZE,
856 .max_keysize = AES_MAX_KEY_SIZE,
857 .ivsize = AES_MIN_KEY_SIZE,
858 .setkey = tegra_aes_setkey,
859 .encrypt = tegra_aes_ofb_encrypt,
860 .decrypt = tegra_aes_ofb_decrypt,
861 }
862 }, {
863 .cra_name = "ansi_cprng",
864 .cra_driver_name = "rng-aes-tegra",
865 .cra_flags = CRYPTO_ALG_TYPE_RNG,
866 .cra_ctxsize = sizeof(struct tegra_aes_ctx),
867 .cra_type = &crypto_rng_type,
868 .cra_u.rng = {
869 .rng_make_random = tegra_aes_get_random,
870 .rng_reset = tegra_aes_rng_reset,
871 .seedsize = AES_KEYSIZE_128 + (2 * DEFAULT_RNG_BLK_SZ),
872 }
873 }
874};
875
876static int tegra_aes_probe(struct platform_device *pdev)
877{
878 struct device *dev = &pdev->dev;
879 struct tegra_aes_dev *dd;
880 struct resource *res;
881 int err = -ENOMEM, i = 0, j;
882
883 dd = devm_kzalloc(dev, sizeof(struct tegra_aes_dev), GFP_KERNEL);
884 if (dd == NULL) {
885 dev_err(dev, "unable to alloc data struct.\n");
886 return err;
887 }
888
889 dd->dev = dev;
890 platform_set_drvdata(pdev, dd);
891
892 dd->slots = devm_kzalloc(dev, sizeof(struct tegra_aes_slot) *
893 AES_NR_KEYSLOTS, GFP_KERNEL);
894 if (dd->slots == NULL) {
895 dev_err(dev, "unable to alloc slot struct.\n");
896 goto out;
897 }
898
899 spin_lock_init(&dd->lock);
900 crypto_init_queue(&dd->queue, TEGRA_AES_QUEUE_LENGTH);
901
902 /* Get the module base address */
903 res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
904 if (!res) {
905 dev_err(dev, "invalid resource type: base\n");
906 err = -ENODEV;
907 goto out;
908 }
909
910 if (!devm_request_mem_region(&pdev->dev, res->start,
911 resource_size(res),
912 dev_name(&pdev->dev))) {
913 dev_err(&pdev->dev, "Couldn't request MEM resource\n");
914 return -ENODEV;
915 }
916
917 dd->io_base = devm_ioremap(dev, res->start, resource_size(res));
918 if (!dd->io_base) {
919 dev_err(dev, "can't ioremap register space\n");
920 err = -ENOMEM;
921 goto out;
922 }
923
924 /* Initialize the vde clock */
925 dd->aes_clk = clk_get(dev, "vde");
926 if (IS_ERR(dd->aes_clk)) {
927 dev_err(dev, "iclock intialization failed.\n");
928 err = -ENODEV;
929 goto out;
930 }
931
932 err = clk_set_rate(dd->aes_clk, ULONG_MAX);
933 if (err) {
934 dev_err(dd->dev, "iclk set_rate fail(%d)\n", err);
935 goto out;
936 }
937
938 /*
939 * the foll contiguous memory is allocated as follows -
940 * - hardware key table
941 * - key schedule
942 */
943 dd->ivkey_base = dma_alloc_coherent(dev, AES_HW_KEY_TABLE_LENGTH_BYTES,
944 &dd->ivkey_phys_base,
945 GFP_KERNEL);
946 if (!dd->ivkey_base) {
947 dev_err(dev, "can not allocate iv/key buffer\n");
948 err = -ENOMEM;
949 goto out;
950 }
951
952 dd->buf_in = dma_alloc_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
953 &dd->dma_buf_in, GFP_KERNEL);
954 if (!dd->buf_in) {
955 dev_err(dev, "can not allocate dma-in buffer\n");
956 err = -ENOMEM;
957 goto out;
958 }
959
960 dd->buf_out = dma_alloc_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
961 &dd->dma_buf_out, GFP_KERNEL);
962 if (!dd->buf_out) {
963 dev_err(dev, "can not allocate dma-out buffer\n");
964 err = -ENOMEM;
965 goto out;
966 }
967
968 init_completion(&dd->op_complete);
969 aes_wq = alloc_workqueue("tegra_aes_wq", WQ_HIGHPRI | WQ_UNBOUND, 1);
970 if (!aes_wq) {
971 dev_err(dev, "alloc_workqueue failed\n");
972 goto out;
973 }
974
975 /* get the irq */
976 res = platform_get_resource(pdev, IORESOURCE_IRQ, 0);
977 if (!res) {
978 dev_err(dev, "invalid resource type: base\n");
979 err = -ENODEV;
980 goto out;
981 }
982 dd->irq = res->start;
983
984 err = devm_request_irq(dev, dd->irq, aes_irq, IRQF_TRIGGER_HIGH |
985 IRQF_SHARED, "tegra-aes", dd);
986 if (err) {
987 dev_err(dev, "request_irq failed\n");
988 goto out;
989 }
990
991 mutex_init(&aes_lock);
992 INIT_LIST_HEAD(&dev_list);
993
994 spin_lock_init(&list_lock);
995 spin_lock(&list_lock);
996 for (i = 0; i < AES_NR_KEYSLOTS; i++) {
997 if (i == SSK_SLOT_NUM)
998 continue;
999 dd->slots[i].slot_num = i;
1000 INIT_LIST_HEAD(&dd->slots[i].node);
1001 list_add_tail(&dd->slots[i].node, &dev_list);
1002 }
1003 spin_unlock(&list_lock);
1004
1005 aes_dev = dd;
1006 for (i = 0; i < ARRAY_SIZE(algs); i++) {
1007 INIT_LIST_HEAD(&algs[i].cra_list);
1008
1009 algs[i].cra_priority = 300;
1010 algs[i].cra_ctxsize = sizeof(struct tegra_aes_ctx);
1011 algs[i].cra_module = THIS_MODULE;
1012 algs[i].cra_init = tegra_aes_cra_init;
1013 algs[i].cra_exit = tegra_aes_cra_exit;
1014
1015 err = crypto_register_alg(&algs[i]);
1016 if (err)
1017 goto out;
1018 }
1019
1020 dev_info(dev, "registered");
1021 return 0;
1022
1023out:
1024 for (j = 0; j < i; j++)
1025 crypto_unregister_alg(&algs[j]);
1026 if (dd->ivkey_base)
1027 dma_free_coherent(dev, AES_HW_KEY_TABLE_LENGTH_BYTES,
1028 dd->ivkey_base, dd->ivkey_phys_base);
1029 if (dd->buf_in)
1030 dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
1031 dd->buf_in, dd->dma_buf_in);
1032 if (dd->buf_out)
1033 dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
1034 dd->buf_out, dd->dma_buf_out);
1035 if (IS_ERR(dd->aes_clk))
1036 clk_put(dd->aes_clk);
1037 if (aes_wq)
1038 destroy_workqueue(aes_wq);
1039 spin_lock(&list_lock);
1040 list_del(&dev_list);
1041 spin_unlock(&list_lock);
1042
1043 aes_dev = NULL;
1044
1045 dev_err(dev, "%s: initialization failed.\n", __func__);
1046 return err;
1047}
1048
1049static int __devexit tegra_aes_remove(struct platform_device *pdev)
1050{
1051 struct device *dev = &pdev->dev;
1052 struct tegra_aes_dev *dd = platform_get_drvdata(pdev);
1053 int i;
1054
1055 for (i = 0; i < ARRAY_SIZE(algs); i++)
1056 crypto_unregister_alg(&algs[i]);
1057
1058 cancel_work_sync(&aes_work);
1059 destroy_workqueue(aes_wq);
1060 spin_lock(&list_lock);
1061 list_del(&dev_list);
1062 spin_unlock(&list_lock);
1063
1064 dma_free_coherent(dev, AES_HW_KEY_TABLE_LENGTH_BYTES,
1065 dd->ivkey_base, dd->ivkey_phys_base);
1066 dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
1067 dd->buf_in, dd->dma_buf_in);
1068 dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES,
1069 dd->buf_out, dd->dma_buf_out);
1070 clk_put(dd->aes_clk);
1071 aes_dev = NULL;
1072
1073 return 0;
1074}
1075
1076static struct of_device_id tegra_aes_of_match[] __devinitdata = {
1077 { .compatible = "nvidia,tegra20-aes", },
1078 { .compatible = "nvidia,tegra30-aes", },
1079 { },
1080};
1081
1082static struct platform_driver tegra_aes_driver = {
1083 .probe = tegra_aes_probe,
1084 .remove = __devexit_p(tegra_aes_remove),
1085 .driver = {
1086 .name = "tegra-aes",
1087 .owner = THIS_MODULE,
1088 .of_match_table = tegra_aes_of_match,
1089 },
1090};
1091
1092module_platform_driver(tegra_aes_driver);
1093
1094MODULE_DESCRIPTION("Tegra AES/OFB/CPRNG hw acceleration support.");
1095MODULE_AUTHOR("NVIDIA Corporation");
1096MODULE_LICENSE("GPL v2");
diff --git a/drivers/crypto/tegra-aes.h b/drivers/crypto/tegra-aes.h
new file mode 100644
index 000000000000..6006333a8934
--- /dev/null
+++ b/drivers/crypto/tegra-aes.h
@@ -0,0 +1,103 @@
1/*
2 * Copyright (c) 2010, NVIDIA Corporation.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 */
18
19#ifndef __CRYPTODEV_TEGRA_AES_H
20#define __CRYPTODEV_TEGRA_AES_H
21
22#define TEGRA_AES_ICMDQUE_WR 0x1000
23#define TEGRA_AES_CMDQUE_CONTROL 0x1008
24#define TEGRA_AES_INTR_STATUS 0x1018
25#define TEGRA_AES_INT_ENB 0x1040
26#define TEGRA_AES_CONFIG 0x1044
27#define TEGRA_AES_IRAM_ACCESS_CFG 0x10A0
28#define TEGRA_AES_SECURE_DEST_ADDR 0x1100
29#define TEGRA_AES_SECURE_INPUT_SELECT 0x1104
30#define TEGRA_AES_SECURE_CONFIG 0x1108
31#define TEGRA_AES_SECURE_CONFIG_EXT 0x110C
32#define TEGRA_AES_SECURE_SECURITY 0x1110
33#define TEGRA_AES_SECURE_HASH_RESULT0 0x1120
34#define TEGRA_AES_SECURE_HASH_RESULT1 0x1124
35#define TEGRA_AES_SECURE_HASH_RESULT2 0x1128
36#define TEGRA_AES_SECURE_HASH_RESULT3 0x112C
37#define TEGRA_AES_SECURE_SEC_SEL0 0x1140
38#define TEGRA_AES_SECURE_SEC_SEL1 0x1144
39#define TEGRA_AES_SECURE_SEC_SEL2 0x1148
40#define TEGRA_AES_SECURE_SEC_SEL3 0x114C
41#define TEGRA_AES_SECURE_SEC_SEL4 0x1150
42#define TEGRA_AES_SECURE_SEC_SEL5 0x1154
43#define TEGRA_AES_SECURE_SEC_SEL6 0x1158
44#define TEGRA_AES_SECURE_SEC_SEL7 0x115C
45
46/* interrupt status reg masks and shifts */
47#define TEGRA_AES_ENGINE_BUSY_FIELD BIT(0)
48#define TEGRA_AES_ICQ_EMPTY_FIELD BIT(3)
49#define TEGRA_AES_DMA_BUSY_FIELD BIT(23)
50
51/* secure select reg masks and shifts */
52#define TEGRA_AES_SECURE_SEL0_KEYREAD_ENB0_FIELD BIT(0)
53
54/* secure config ext masks and shifts */
55#define TEGRA_AES_SECURE_KEY_SCH_DIS_FIELD BIT(15)
56
57/* secure config masks and shifts */
58#define TEGRA_AES_SECURE_KEY_INDEX_SHIFT 20
59#define TEGRA_AES_SECURE_KEY_INDEX_FIELD (0x1F << TEGRA_AES_SECURE_KEY_INDEX_SHIFT)
60#define TEGRA_AES_SECURE_BLOCK_CNT_SHIFT 0
61#define TEGRA_AES_SECURE_BLOCK_CNT_FIELD (0xFFFFF << TEGRA_AES_SECURE_BLOCK_CNT_SHIFT)
62
63/* stream interface select masks and shifts */
64#define TEGRA_AES_CMDQ_CTRL_UCMDQEN_FIELD BIT(0)
65#define TEGRA_AES_CMDQ_CTRL_ICMDQEN_FIELD BIT(1)
66#define TEGRA_AES_CMDQ_CTRL_SRC_STM_SEL_FIELD BIT(4)
67#define TEGRA_AES_CMDQ_CTRL_DST_STM_SEL_FIELD BIT(5)
68
69/* config register masks and shifts */
70#define TEGRA_AES_CONFIG_ENDIAN_ENB_FIELD BIT(10)
71#define TEGRA_AES_CONFIG_MODE_SEL_SHIFT 0
72#define TEGRA_AES_CONFIG_MODE_SEL_FIELD (0x1F << TEGRA_AES_CONFIG_MODE_SEL_SHIFT)
73
74/* extended config */
75#define TEGRA_AES_SECURE_OFFSET_CNT_SHIFT 24
76#define TEGRA_AES_SECURE_OFFSET_CNT_FIELD (0xFF << TEGRA_AES_SECURE_OFFSET_CNT_SHIFT)
77#define TEGRA_AES_SECURE_KEYSCHED_GEN_FIELD BIT(15)
78
79/* init vector select */
80#define TEGRA_AES_SECURE_IV_SELECT_SHIFT 10
81#define TEGRA_AES_SECURE_IV_SELECT_FIELD BIT(10)
82
83/* secure engine input */
84#define TEGRA_AES_SECURE_INPUT_ALG_SEL_SHIFT 28
85#define TEGRA_AES_SECURE_INPUT_ALG_SEL_FIELD (0xF << TEGRA_AES_SECURE_INPUT_ALG_SEL_SHIFT)
86#define TEGRA_AES_SECURE_INPUT_KEY_LEN_SHIFT 16
87#define TEGRA_AES_SECURE_INPUT_KEY_LEN_FIELD (0xFFF << TEGRA_AES_SECURE_INPUT_KEY_LEN_SHIFT)
88#define TEGRA_AES_SECURE_RNG_ENB_FIELD BIT(11)
89#define TEGRA_AES_SECURE_CORE_SEL_SHIFT 9
90#define TEGRA_AES_SECURE_CORE_SEL_FIELD BIT(9)
91#define TEGRA_AES_SECURE_VCTRAM_SEL_SHIFT 7
92#define TEGRA_AES_SECURE_VCTRAM_SEL_FIELD (0x3 << TEGRA_AES_SECURE_VCTRAM_SEL_SHIFT)
93#define TEGRA_AES_SECURE_INPUT_SEL_SHIFT 5
94#define TEGRA_AES_SECURE_INPUT_SEL_FIELD (0x3 << TEGRA_AES_SECURE_INPUT_SEL_SHIFT)
95#define TEGRA_AES_SECURE_XOR_POS_SHIFT 3
96#define TEGRA_AES_SECURE_XOR_POS_FIELD (0x3 << TEGRA_AES_SECURE_XOR_POS_SHIFT)
97#define TEGRA_AES_SECURE_HASH_ENB_FIELD BIT(2)
98#define TEGRA_AES_SECURE_ON_THE_FLY_FIELD BIT(0)
99
100/* interrupt error mask */
101#define TEGRA_AES_INT_ERROR_MASK 0xFFF000
102
103#endif
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 8a94217b298e..48ce5479386c 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -75,6 +75,11 @@
75 */ 75 */
76#define CRYPTO_ALG_INSTANCE 0x00000800 76#define CRYPTO_ALG_INSTANCE 0x00000800
77 77
78/* Set this bit if the algorithm provided is hardware accelerated but
79 * not available to userspace via instruction set or so.
80 */
81#define CRYPTO_ALG_KERN_DRIVER_ONLY 0x00001000
82
78/* 83/*
79 * Transform masks and values (for crt_flags). 84 * Transform masks and values (for crt_flags).
80 */ 85 */
@@ -309,6 +314,8 @@ struct crypto_alg {
309 */ 314 */
310int crypto_register_alg(struct crypto_alg *alg); 315int crypto_register_alg(struct crypto_alg *alg);
311int crypto_unregister_alg(struct crypto_alg *alg); 316int crypto_unregister_alg(struct crypto_alg *alg);
317int crypto_register_algs(struct crypto_alg *algs, int count);
318int crypto_unregister_algs(struct crypto_alg *algs, int count);
312 319
313/* 320/*
314 * Algorithm query interface. 321 * Algorithm query interface.
diff --git a/include/linux/padata.h b/include/linux/padata.h
index 4633b2f726b6..86292beebfe2 100644
--- a/include/linux/padata.h
+++ b/include/linux/padata.h
@@ -46,7 +46,6 @@ struct padata_priv {
46 struct list_head list; 46 struct list_head list;
47 struct parallel_data *pd; 47 struct parallel_data *pd;
48 int cb_cpu; 48 int cb_cpu;
49 int seq_nr;
50 int info; 49 int info;
51 void (*parallel)(struct padata_priv *padata); 50 void (*parallel)(struct padata_priv *padata);
52 void (*serial)(struct padata_priv *padata); 51 void (*serial)(struct padata_priv *padata);
@@ -116,7 +115,6 @@ struct padata_cpumask {
116 * @pinst: padata instance. 115 * @pinst: padata instance.
117 * @pqueue: percpu padata queues used for parallelization. 116 * @pqueue: percpu padata queues used for parallelization.
118 * @squeue: percpu padata queues used for serialuzation. 117 * @squeue: percpu padata queues used for serialuzation.
119 * @seq_nr: The sequence number that will be attached to the next object.
120 * @reorder_objects: Number of objects waiting in the reorder queues. 118 * @reorder_objects: Number of objects waiting in the reorder queues.
121 * @refcnt: Number of objects holding a reference on this parallel_data. 119 * @refcnt: Number of objects holding a reference on this parallel_data.
122 * @max_seq_nr: Maximal used sequence number. 120 * @max_seq_nr: Maximal used sequence number.
@@ -129,12 +127,12 @@ struct parallel_data {
129 struct padata_instance *pinst; 127 struct padata_instance *pinst;
130 struct padata_parallel_queue __percpu *pqueue; 128 struct padata_parallel_queue __percpu *pqueue;
131 struct padata_serial_queue __percpu *squeue; 129 struct padata_serial_queue __percpu *squeue;
132 atomic_t seq_nr;
133 atomic_t reorder_objects; 130 atomic_t reorder_objects;
134 atomic_t refcnt; 131 atomic_t refcnt;
135 unsigned int max_seq_nr;
136 struct padata_cpumask cpumask; 132 struct padata_cpumask cpumask;
137 spinlock_t lock ____cacheline_aligned; 133 spinlock_t lock ____cacheline_aligned;
134 spinlock_t seq_lock;
135 unsigned int seq_nr;
138 unsigned int processed; 136 unsigned int processed;
139 struct timer_list timer; 137 struct timer_list timer;
140}; 138};
diff --git a/kernel/padata.c b/kernel/padata.c
index b45259931512..6f10eb285ece 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -29,7 +29,6 @@
29#include <linux/sysfs.h> 29#include <linux/sysfs.h>
30#include <linux/rcupdate.h> 30#include <linux/rcupdate.h>
31 31
32#define MAX_SEQ_NR (INT_MAX - NR_CPUS)
33#define MAX_OBJ_NUM 1000 32#define MAX_OBJ_NUM 1000
34 33
35static int padata_index_to_cpu(struct parallel_data *pd, int cpu_index) 34static int padata_index_to_cpu(struct parallel_data *pd, int cpu_index)
@@ -43,18 +42,19 @@ static int padata_index_to_cpu(struct parallel_data *pd, int cpu_index)
43 return target_cpu; 42 return target_cpu;
44} 43}
45 44
46static int padata_cpu_hash(struct padata_priv *padata) 45static int padata_cpu_hash(struct parallel_data *pd)
47{ 46{
48 int cpu_index; 47 int cpu_index;
49 struct parallel_data *pd;
50
51 pd = padata->pd;
52 48
53 /* 49 /*
54 * Hash the sequence numbers to the cpus by taking 50 * Hash the sequence numbers to the cpus by taking
55 * seq_nr mod. number of cpus in use. 51 * seq_nr mod. number of cpus in use.
56 */ 52 */
57 cpu_index = padata->seq_nr % cpumask_weight(pd->cpumask.pcpu); 53
54 spin_lock(&pd->seq_lock);
55 cpu_index = pd->seq_nr % cpumask_weight(pd->cpumask.pcpu);
56 pd->seq_nr++;
57 spin_unlock(&pd->seq_lock);
58 58
59 return padata_index_to_cpu(pd, cpu_index); 59 return padata_index_to_cpu(pd, cpu_index);
60} 60}
@@ -132,12 +132,7 @@ int padata_do_parallel(struct padata_instance *pinst,
132 padata->pd = pd; 132 padata->pd = pd;
133 padata->cb_cpu = cb_cpu; 133 padata->cb_cpu = cb_cpu;
134 134
135 if (unlikely(atomic_read(&pd->seq_nr) == pd->max_seq_nr)) 135 target_cpu = padata_cpu_hash(pd);
136 atomic_set(&pd->seq_nr, -1);
137
138 padata->seq_nr = atomic_inc_return(&pd->seq_nr);
139
140 target_cpu = padata_cpu_hash(padata);
141 queue = per_cpu_ptr(pd->pqueue, target_cpu); 136 queue = per_cpu_ptr(pd->pqueue, target_cpu);
142 137
143 spin_lock(&queue->parallel.lock); 138 spin_lock(&queue->parallel.lock);
@@ -173,7 +168,7 @@ EXPORT_SYMBOL(padata_do_parallel);
173static struct padata_priv *padata_get_next(struct parallel_data *pd) 168static struct padata_priv *padata_get_next(struct parallel_data *pd)
174{ 169{
175 int cpu, num_cpus; 170 int cpu, num_cpus;
176 int next_nr, next_index; 171 unsigned int next_nr, next_index;
177 struct padata_parallel_queue *queue, *next_queue; 172 struct padata_parallel_queue *queue, *next_queue;
178 struct padata_priv *padata; 173 struct padata_priv *padata;
179 struct padata_list *reorder; 174 struct padata_list *reorder;
@@ -189,14 +184,6 @@ static struct padata_priv *padata_get_next(struct parallel_data *pd)
189 cpu = padata_index_to_cpu(pd, next_index); 184 cpu = padata_index_to_cpu(pd, next_index);
190 next_queue = per_cpu_ptr(pd->pqueue, cpu); 185 next_queue = per_cpu_ptr(pd->pqueue, cpu);
191 186
192 if (unlikely(next_nr > pd->max_seq_nr)) {
193 next_nr = next_nr - pd->max_seq_nr - 1;
194 next_index = next_nr % num_cpus;
195 cpu = padata_index_to_cpu(pd, next_index);
196 next_queue = per_cpu_ptr(pd->pqueue, cpu);
197 pd->processed = 0;
198 }
199
200 padata = NULL; 187 padata = NULL;
201 188
202 reorder = &next_queue->reorder; 189 reorder = &next_queue->reorder;
@@ -205,8 +192,6 @@ static struct padata_priv *padata_get_next(struct parallel_data *pd)
205 padata = list_entry(reorder->list.next, 192 padata = list_entry(reorder->list.next,
206 struct padata_priv, list); 193 struct padata_priv, list);
207 194
208 BUG_ON(next_nr != padata->seq_nr);
209
210 spin_lock(&reorder->lock); 195 spin_lock(&reorder->lock);
211 list_del_init(&padata->list); 196 list_del_init(&padata->list);
212 atomic_dec(&pd->reorder_objects); 197 atomic_dec(&pd->reorder_objects);
@@ -230,6 +215,7 @@ out:
230 215
231static void padata_reorder(struct parallel_data *pd) 216static void padata_reorder(struct parallel_data *pd)
232{ 217{
218 int cb_cpu;
233 struct padata_priv *padata; 219 struct padata_priv *padata;
234 struct padata_serial_queue *squeue; 220 struct padata_serial_queue *squeue;
235 struct padata_instance *pinst = pd->pinst; 221 struct padata_instance *pinst = pd->pinst;
@@ -270,13 +256,14 @@ static void padata_reorder(struct parallel_data *pd)
270 return; 256 return;
271 } 257 }
272 258
273 squeue = per_cpu_ptr(pd->squeue, padata->cb_cpu); 259 cb_cpu = padata->cb_cpu;
260 squeue = per_cpu_ptr(pd->squeue, cb_cpu);
274 261
275 spin_lock(&squeue->serial.lock); 262 spin_lock(&squeue->serial.lock);
276 list_add_tail(&padata->list, &squeue->serial.list); 263 list_add_tail(&padata->list, &squeue->serial.list);
277 spin_unlock(&squeue->serial.lock); 264 spin_unlock(&squeue->serial.lock);
278 265
279 queue_work_on(padata->cb_cpu, pinst->wq, &squeue->work); 266 queue_work_on(cb_cpu, pinst->wq, &squeue->work);
280 } 267 }
281 268
282 spin_unlock_bh(&pd->lock); 269 spin_unlock_bh(&pd->lock);
@@ -400,7 +387,7 @@ static void padata_init_squeues(struct parallel_data *pd)
400/* Initialize all percpu queues used by parallel workers */ 387/* Initialize all percpu queues used by parallel workers */
401static void padata_init_pqueues(struct parallel_data *pd) 388static void padata_init_pqueues(struct parallel_data *pd)
402{ 389{
403 int cpu_index, num_cpus, cpu; 390 int cpu_index, cpu;
404 struct padata_parallel_queue *pqueue; 391 struct padata_parallel_queue *pqueue;
405 392
406 cpu_index = 0; 393 cpu_index = 0;
@@ -415,9 +402,6 @@ static void padata_init_pqueues(struct parallel_data *pd)
415 INIT_WORK(&pqueue->work, padata_parallel_worker); 402 INIT_WORK(&pqueue->work, padata_parallel_worker);
416 atomic_set(&pqueue->num_obj, 0); 403 atomic_set(&pqueue->num_obj, 0);
417 } 404 }
418
419 num_cpus = cpumask_weight(pd->cpumask.pcpu);
420 pd->max_seq_nr = num_cpus ? (MAX_SEQ_NR / num_cpus) * num_cpus - 1 : 0;
421} 405}
422 406
423/* Allocate and initialize the internal cpumask dependend resources. */ 407/* Allocate and initialize the internal cpumask dependend resources. */
@@ -444,7 +428,7 @@ static struct parallel_data *padata_alloc_pd(struct padata_instance *pinst,
444 padata_init_pqueues(pd); 428 padata_init_pqueues(pd);
445 padata_init_squeues(pd); 429 padata_init_squeues(pd);
446 setup_timer(&pd->timer, padata_reorder_timer, (unsigned long)pd); 430 setup_timer(&pd->timer, padata_reorder_timer, (unsigned long)pd);
447 atomic_set(&pd->seq_nr, -1); 431 pd->seq_nr = 0;
448 atomic_set(&pd->reorder_objects, 0); 432 atomic_set(&pd->reorder_objects, 0);
449 atomic_set(&pd->refcnt, 0); 433 atomic_set(&pd->refcnt, 0);
450 pd->pinst = pinst; 434 pd->pinst = pinst;